GitHub-Mirror/build
2
0
Fork 0
mirror of https://github.com/Fishwaldo/build.git synced 2025-03-22 06:41:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
build/patch/kernel/sun4i-default/0020-clustering-patch-3.4-ja1.patch

2316 lines
69 KiB
Diff
Raw Blame History

diff -urp v3.4/linux/Documentation/networking/ip-sysctl.txt linux/Documentation/networking/ip-sysctl.txt
--- v3.4/linux/Documentation/networking/ip-sysctl.txt 2012-05-21 23:03:38.000000000 +0300
+++ linux/Documentation/networking/ip-sysctl.txt 2012-05-21 23:32:17.750747679 +0300
@@ -761,6 +761,24 @@ accept_redirects - BOOLEAN
forwarding - BOOLEAN
Enable IP forwarding on this interface.
+forward_shared - BOOLEAN
+ Integer value determines if a source validation should allow
+ forwarding of packets with local source address. 1 means yes,
+ 0 means no. By default the flag is disabled and such packets
+ are not forwarded.
+
+ If you enable this flag on internal network, the router will forward
+ packets from internal hosts with shared IP addresses no matter how
+ the rp_filter is set. This flag is activated only if it is
+ enabled both in specific device section and in "all" section.
+
+loop - BOOLEAN
+ By default (loop=0) the traffic between local IP addresses
+ is routed via interface "lo". Setting this flag for two
+ interfaces allows traffic between their IP addresses to
+ be looped externally. This is useful for setups where the
+ interfaces are attached to same broadcast medium.
+
mc_forwarding - BOOLEAN
Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
and a multicast routing daemon is required.
@@ -970,6 +988,23 @@ disable_xfrm - BOOLEAN
+hidden - BOOLEAN
+ Hide addresses attached to this device from other devices.
+ Such addresses will never be selected by source address autoselection
+ mechanism, host does not answer broadcast ARP requests for them,
+ does not announce them as source address of ARP requests, but they
+ are still reachable via IP. This flag is activated only if it is
+ enabled both in specific device section and in "all" section.
+
+rp_filter_mask - INTEGER
+ Integer value representing bitmask of the mediums for which the
+ reverse path protection is disabled. If the source validation
+ results in reverse path to interface with medium_id value in
+ the 1..31 range the access is allowed if the corresponding bit
+ is set in the bitmask. The bitmask value is considered only when
+ rp_filter is enabled. By default the bitmask is empty preserving
+ the original rp_filter semantic.
+
tag - INTEGER
Allows you to write a number, which can be used as required.
Default value is 0.
diff -urp v3.4/linux/include/linux/inetdevice.h linux/include/linux/inetdevice.h
--- v3.4/linux/include/linux/inetdevice.h 2012-05-21 23:04:36.000000000 +0300
+++ linux/include/linux/inetdevice.h 2012-05-21 23:33:47.726751840 +0300
@@ -32,6 +32,10 @@ enum
IPV4_DEVCONF_FORCE_IGMP_VERSION,
IPV4_DEVCONF_ARP_ANNOUNCE,
IPV4_DEVCONF_ARP_IGNORE,
+ IPV4_DEVCONF_HIDDEN,
+ IPV4_DEVCONF_FORWARD_SHARED,
+ IPV4_DEVCONF_RP_FILTER_MASK,
+ IPV4_DEVCONF_LOOP,
IPV4_DEVCONF_PROMOTE_SECONDARIES,
IPV4_DEVCONF_ARP_ACCEPT,
IPV4_DEVCONF_ARP_NOTIFY,
@@ -122,12 +126,14 @@ static inline void ipv4_devconf_setall(s
#define IN_DEV_LOG_MARTIANS(in_dev) IN_DEV_ORCONF((in_dev), LOG_MARTIANS)
#define IN_DEV_PROXY_ARP(in_dev) IN_DEV_ORCONF((in_dev), PROXY_ARP)
#define IN_DEV_PROXY_ARP_PVLAN(in_dev) IN_DEV_CONF_GET(in_dev, PROXY_ARP_PVLAN)
+#define IN_DEV_HIDDEN(in_dev) IN_DEV_ANDCONF((in_dev), HIDDEN)
#define IN_DEV_SHARED_MEDIA(in_dev) IN_DEV_ORCONF((in_dev), SHARED_MEDIA)
#define IN_DEV_TX_REDIRECTS(in_dev) IN_DEV_ORCONF((in_dev), SEND_REDIRECTS)
#define IN_DEV_SEC_REDIRECTS(in_dev) IN_DEV_ORCONF((in_dev), \
SECURE_REDIRECTS)
#define IN_DEV_IDTAG(in_dev) IN_DEV_CONF_GET(in_dev, TAG)
#define IN_DEV_MEDIUM_ID(in_dev) IN_DEV_CONF_GET(in_dev, MEDIUM_ID)
+#define IN_DEV_RPFILTER_MASK(in_dev) IN_DEV_CONF_GET(in_dev, RP_FILTER_MASK)
#define IN_DEV_PROMOTE_SECONDARIES(in_dev) \
IN_DEV_ORCONF((in_dev), \
PROMOTE_SECONDARIES)
@@ -138,6 +144,8 @@ static inline void ipv4_devconf_setall(s
|| (!IN_DEV_FORWARD(in_dev) && \
IN_DEV_ORCONF((in_dev), ACCEPT_REDIRECTS)))
+#define IN_DEV_LOOP(in_dev) IN_DEV_CONF_GET(in_dev, LOOP)
+#define IN_DEV_FORWARD_SHARED(in_dev) IN_DEV_ANDCONF((in_dev), FORWARD_SHARED)
#define IN_DEV_ARPFILTER(in_dev) IN_DEV_ORCONF((in_dev), ARPFILTER)
#define IN_DEV_ARP_ACCEPT(in_dev) IN_DEV_ORCONF((in_dev), ARP_ACCEPT)
#define IN_DEV_ARP_ANNOUNCE(in_dev) IN_DEV_MAXCONF((in_dev), ARP_ANNOUNCE)
diff -urp v3.4/linux/include/linux/rtnetlink.h linux/include/linux/rtnetlink.h
--- v3.4/linux/include/linux/rtnetlink.h 2012-03-20 00:05:18.000000000 +0200
+++ linux/include/linux/rtnetlink.h 2012-05-21 23:32:17.754747680 +0300
@@ -120,6 +120,13 @@ enum {
RTM_SETDCB,
#define RTM_SETDCB RTM_SETDCB
+ RTM_NEWARPRULE = 80,
+#define RTM_NEWARPRULE RTM_NEWARPRULE
+ RTM_DELARPRULE,
+#define RTM_DELARPRULE RTM_DELARPRULE
+ RTM_GETARPRULE,
+#define RTM_GETARPRULE RTM_GETARPRULE
+
__RTM_MAX,
#define RTM_MAX (((__RTM_MAX + 3) & ~3) - 1)
};
@@ -312,6 +319,8 @@ struct rtnexthop {
#define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */
#define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */
#define RTNH_F_ONLINK 4 /* Gateway is forced on link */
+#define RTNH_F_SUSPECT 8 /* We don't know the real state */
+#define RTNH_F_BADSTATE (RTNH_F_DEAD | RTNH_F_SUSPECT)
/* Macros to handle hexthops */
@@ -516,6 +525,54 @@ enum {
#define NDUSEROPT_MAX (__NDUSEROPT_MAX - 1)
+/******************************************************************************
+ * Definitions used in ARP tables administration
+ ****/
+
+#define ARPA_TABLE_INPUT 0
+#define ARPA_TABLE_OUTPUT 1
+#define ARPA_TABLE_FORWARD 2
+#define ARPA_TABLE_ALL -1
+
+#define ARPM_F_PREFSRC 0x0001
+#define ARPM_F_WILDIIF 0x0002
+#define ARPM_F_WILDOIF 0x0004
+#define ARPM_F_BROADCAST 0x0008
+#define ARPM_F_UNICAST 0x0010
+
+struct arpmsg
+{
+ unsigned char arpm_family;
+ unsigned char arpm_table;
+ unsigned char arpm_action;
+ unsigned char arpm_from_len;
+ unsigned char arpm_to_len;
+ unsigned char arpm__pad1;
+ unsigned short arpm__pad2;
+ unsigned arpm_pref;
+ unsigned arpm_flags;
+};
+
+enum
+{
+ ARPA_UNSPEC,
+ ARPA_FROM, /* FROM IP prefix */
+ ARPA_TO, /* TO IP prefix */
+ ARPA_LLFROM, /* FROM LL prefix */
+ ARPA_LLTO, /* TO LL prefix */
+ ARPA_LLSRC, /* New SRC lladdr */
+ ARPA_LLDST, /* New DST lladdr */
+ ARPA_IIF, /* In interface prefix */
+ ARPA_OIF, /* Out interface prefix */
+ ARPA_SRC, /* New IP SRC */
+ ARPA_DST, /* New IP DST, not used */
+ ARPA_PACKETS, /* Packets */
+};
+
+#define ARPA_MAX ARPA_PACKETS
+
+#define ARPA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct arpmsg))))
+
#ifndef __KERNEL__
/* RTnetlink multicast groups - backwards compatibility for userspace */
#define RTMGRP_LINK 1
@@ -536,6 +593,8 @@ enum {
#define RTMGRP_DECnet_IFADDR 0x1000
#define RTMGRP_DECnet_ROUTE 0x4000
+#define RTMGRP_ARP 0x00010000
+
#define RTMGRP_IPV6_PREFIX 0x20000
#endif
@@ -587,6 +646,8 @@ enum rtnetlink_groups {
#define RTNLGRP_PHONET_ROUTE RTNLGRP_PHONET_ROUTE
RTNLGRP_DCB,
#define RTNLGRP_DCB RTNLGRP_DCB
+ RTNLGRP_ARP,
+#define RTNLGRP_ARP RTNLGRP_ARP
__RTNLGRP_MAX
};
#define RTNLGRP_MAX (__RTNLGRP_MAX - 1)
diff -urp v3.4/linux/include/net/flow.h linux/include/net/flow.h
--- v3.4/linux/include/net/flow.h 2012-03-20 00:05:18.000000000 +0200
+++ linux/include/net/flow.h 2012-05-21 23:32:17.754747680 +0300
@@ -72,6 +72,7 @@ struct flowi4 {
#define fl4_ipsec_spi uli.spi
#define fl4_mh_type uli.mht.type
#define fl4_gre_key uli.gre_key
+ __be32 fl4_gw;
} __attribute__((__aligned__(BITS_PER_LONG/8)));
static inline void flowi4_init_output(struct flowi4 *fl4, int oif,
@@ -92,6 +93,7 @@ static inline void flowi4_init_output(st
fl4->saddr = saddr;
fl4->fl4_dport = dport;
fl4->fl4_sport = sport;
+ fl4->fl4_gw = 0;
}
/* Reset some input parameters after previous lookup */
diff -urp v3.4/linux/include/net/ip_fib.h linux/include/net/ip_fib.h
--- v3.4/linux/include/net/ip_fib.h 2011-07-22 09:43:31.000000000 +0300
+++ linux/include/net/ip_fib.h 2012-05-21 23:32:17.754747680 +0300
@@ -223,6 +223,8 @@ extern int fib_lookup(struct net *n, str
extern struct fib_table *fib_new_table(struct net *net, u32 id);
extern struct fib_table *fib_get_table(struct net *net, u32 id);
+extern int fib_result_table(struct fib_result *res);
+
#endif /* CONFIG_IP_MULTIPLE_TABLES */
/* Exported by fib_frontend.c */
@@ -230,8 +232,9 @@ extern const struct nla_policy rtm_ipv4_
extern void ip_fib_init(void);
extern int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
u8 tos, int oif, struct net_device *dev,
- __be32 *spec_dst, u32 *itag);
-extern void fib_select_default(struct fib_result *res);
+ __be32 *spec_dst, u32 *itag, int our);
+extern void fib_select_default(const struct flowi4 *flp,
+ struct fib_result *res);
/* Exported by fib_semantics.c */
extern int ip_fib_check_default(__be32 gw, struct net_device *dev);
@@ -239,7 +242,8 @@ extern int fib_sync_down_dev(struct net_
extern int fib_sync_down_addr(struct net *net, __be32 local);
extern void fib_update_nh_saddrs(struct net_device *dev);
extern int fib_sync_up(struct net_device *dev);
-extern void fib_select_multipath(struct fib_result *res);
+extern void fib_select_multipath(const struct flowi4 *flp,
+ struct fib_result *res);
/* Exported by fib_trie.c */
extern void fib_trie_init(void);
@@ -282,4 +286,6 @@ static inline void fib_proc_exit(struct
}
#endif
+extern rwlock_t fib_nhflags_lock;
+
#endif /* _NET_FIB_H */
diff -urp v3.4/linux/include/net/netfilter/nf_nat.h linux/include/net/netfilter/nf_nat.h
--- v3.4/linux/include/net/netfilter/nf_nat.h 2012-03-20 00:05:18.000000000 +0200
+++ linux/include/net/netfilter/nf_nat.h 2012-05-21 23:32:17.754747680 +0300
@@ -48,6 +48,13 @@ struct nf_conn_nat {
#endif
};
+/* Call input routing for SNAT-ed traffic */
+extern unsigned int ip_nat_route_input(unsigned int hooknum,
+ struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *));
+
/* Set up the info structure to map into this range. */
extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
const struct nf_nat_ipv4_range *range,
diff -urp v3.4/linux/include/net/route.h linux/include/net/route.h
--- v3.4/linux/include/net/route.h 2012-03-20 00:05:18.000000000 +0200
+++ linux/include/net/route.h 2012-05-21 23:32:17.754747680 +0300
@@ -48,6 +48,8 @@ struct rtable {
/* Lookup key. */
__be32 rt_key_dst;
__be32 rt_key_src;
+ __be32 rt_key_lsrc;
+ __be32 rt_key_gw;
int rt_genid;
unsigned rt_flags;
@@ -191,6 +193,7 @@ extern void ip_rt_multicast_event(struc
extern int ip_rt_ioctl(struct net *, unsigned int cmd, void __user *arg);
extern void ip_rt_get_source(u8 *src, struct sk_buff *skb, struct rtable *rt);
extern int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb);
+extern int ip_route_input_lookup(struct sk_buff*, __be32 dst, __be32 src, u8 tos, struct net_device *devin, __be32 lsrc);
struct in_ifaddr;
extern void fib_add_ifaddr(struct in_ifaddr *);
diff -urp v3.4/linux/net/bridge/br_netfilter.c linux/net/bridge/br_netfilter.c
--- v3.4/linux/net/bridge/br_netfilter.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/bridge/br_netfilter.c 2012-05-21 23:32:17.758747680 +0300
@@ -436,6 +436,9 @@ static int br_nf_pre_routing_finish(stru
struct rtable *rt;
int err;
+ /* Old skb->dst is not expected, it is lost in all cases */
+ skb_dst_drop(skb);
+
if (nf_bridge->mask & BRNF_PKT_TYPE) {
skb->pkt_type = PACKET_OTHERHOST;
nf_bridge->mask ^= BRNF_PKT_TYPE;
diff -urp v3.4/linux/net/core/rtnetlink.c linux/net/core/rtnetlink.c
--- v3.4/linux/net/core/rtnetlink.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/core/rtnetlink.c 2012-05-21 23:32:17.758747680 +0300
@@ -525,6 +525,7 @@ static const int rtm_min[RTM_NR_FAMILIES
[RTM_FAM(RTM_NEWACTION)] = NLMSG_LENGTH(sizeof(struct tcamsg)),
[RTM_FAM(RTM_GETMULTICAST)] = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
[RTM_FAM(RTM_GETANYCAST)] = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
+ [RTM_FAM(RTM_GETARPRULE)] = NLMSG_LENGTH(sizeof(struct arpmsg)),
};
static const int rta_max[RTM_NR_FAMILIES] =
@@ -537,6 +538,7 @@ static const int rta_max[RTM_NR_FAMILIES
[RTM_FAM(RTM_NEWTCLASS)] = TCA_MAX,
[RTM_FAM(RTM_NEWTFILTER)] = TCA_MAX,
[RTM_FAM(RTM_NEWACTION)] = TCAA_MAX,
+ [RTM_FAM(RTM_GETARPRULE)] = ARPA_MAX,
};
void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
diff -urp v3.4/linux/net/ipv4/arp.c linux/net/ipv4/arp.c
--- v3.4/linux/net/ipv4/arp.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/ipv4/arp.c 2012-05-21 23:32:17.762747679 +0300
@@ -71,6 +71,9 @@
* sending (e.g. insert 8021q tag).
* Harald Welte : convert to make use of jenkins hash
* Jesper D. Brouer: Proxy ARP PVLAN RFC 3069 support.
+ * Julian Anastasov: "hidden" flag: hide the
+ * interface and don't reply for it
+ * Julian Anastasov: ARP filtering via netlink
*/
#include <linux/module.h>
@@ -94,6 +97,7 @@
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/stat.h>
+#include <net/netlink.h>
#include <linux/init.h>
#include <linux/net.h>
#include <linux/rcupdate.h>
@@ -185,6 +189,47 @@ struct neigh_table arp_tbl = {
};
EXPORT_SYMBOL(arp_tbl);
+struct arpf_node {
+ struct arpf_node * at_next;
+ u32 at_pref;
+ u32 at_from;
+ u32 at_from_mask;
+ u32 at_to;
+ u32 at_to_mask;
+ u32 at_src;
+ atomic_t at_packets;
+ atomic_t at_refcnt;
+ unsigned at_flags;
+ unsigned char at_from_len;
+ unsigned char at_to_len;
+ unsigned char at_action;
+ char at_dead;
+ unsigned char at_llfrom_len;
+ unsigned char at_llto_len;
+ unsigned char at_llsrc_len;
+ unsigned char at_lldst_len;
+ unsigned char at_iif_len;
+ unsigned char at_oif_len;
+ unsigned short at__pad1;
+ unsigned char at_llfrom[MAX_ADDR_LEN];
+ unsigned char at_llto[MAX_ADDR_LEN];
+ unsigned char at_llsrc[MAX_ADDR_LEN];
+ unsigned char at_lldst[MAX_ADDR_LEN];
+ char at_iif[IFNAMSIZ];
+ char at_oif[IFNAMSIZ];
+};
+
+static struct arpf_node *arp_tabs[3];
+
+static struct kmem_cache *arpf_cachep;
+
+static DEFINE_RWLOCK(arpf_lock);
+
+static void
+arpf_send(int table, struct net *net, struct sk_buff *skb, u32 sip, u32 tip,
+ unsigned char *from_hw, unsigned char *to_hw,
+ struct net_device *idev, struct net_device *odev);
+
int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir)
{
switch (dev->type) {
@@ -327,7 +372,10 @@ static void arp_solicit(struct neighbour
struct net_device *dev = neigh->dev;
__be32 target = *(__be32 *)neigh->primary_key;
int probes = atomic_read(&neigh->probes);
- struct in_device *in_dev;
+ struct in_device *in_dev, *in_dev2;
+ struct net_device *dev2;
+ int mode;
+ unsigned char tha[MAX_ADDR_LEN];
rcu_read_lock();
in_dev = __in_dev_get_rcu(dev);
@@ -335,9 +383,22 @@ static void arp_solicit(struct neighbour
rcu_read_unlock();
return;
}
- switch (IN_DEV_ARP_ANNOUNCE(in_dev)) {
+ mode = IN_DEV_ARP_ANNOUNCE(in_dev);
+ if (mode != 2 && skb &&
+ (dev2 = __ip_dev_find(dev_net(dev), ip_hdr(skb)->saddr,
+ false)) != NULL &&
+ (saddr = ip_hdr(skb)->saddr,
+ in_dev2 = __in_dev_get_rcu(dev2)) != NULL &&
+ IN_DEV_HIDDEN(in_dev2)) {
+ saddr = 0;
+ goto get;
+ }
+
+ switch (mode) {
default:
case 0: /* By default announce any local IP */
+ if (saddr)
+ break;
if (skb && inet_addr_type(dev_net(dev),
ip_hdr(skb)->saddr) == RTN_LOCAL)
saddr = ip_hdr(skb)->saddr;
@@ -345,8 +406,9 @@ static void arp_solicit(struct neighbour
case 1: /* Restrict announcements of saddr in same subnet */
if (!skb)
break;
- saddr = ip_hdr(skb)->saddr;
- if (inet_addr_type(dev_net(dev), saddr) == RTN_LOCAL) {
+ if (saddr ||
+ (saddr = ip_hdr(skb)->saddr,
+ inet_addr_type(dev_net(dev), saddr) == RTN_LOCAL)) {
/* saddr should be known to target */
if (inet_addr_onlink(in_dev, target, saddr))
break;
@@ -356,6 +418,8 @@ static void arp_solicit(struct neighbour
case 2: /* Avoid secondary IPs, get a primary/preferred one */
break;
}
+
+get:
rcu_read_unlock();
if (!saddr)
@@ -366,8 +430,10 @@ static void arp_solicit(struct neighbour
if (!(neigh->nud_state & NUD_VALID))
printk(KERN_DEBUG
"trying to ucast probe in NUD_INVALID\n");
- dst_ha = neigh->ha;
+ dst_ha = tha;
read_lock_bh(&neigh->lock);
+ memcpy(dst_ha, neigh->ha, dev->addr_len);
+ read_unlock_bh(&neigh->lock);
} else {
probes -= neigh->parms->app_probes;
if (probes < 0) {
@@ -378,10 +444,7 @@ static void arp_solicit(struct neighbour
}
}
- arp_send(ARPOP_REQUEST, ETH_P_ARP, target, dev, saddr,
- dst_ha, dev->dev_addr, NULL);
- if (dst_ha)
- read_unlock_bh(&neigh->lock);
+ arpf_send(ARPA_TABLE_OUTPUT,dev_net(dev),skb,saddr,target,NULL,dst_ha,NULL,dev);
}
static int arp_ignore(struct in_device *in_dev, __be32 sip, __be32 tip)
@@ -436,6 +499,21 @@ static int arp_filter(__be32 sip, __be32
return flag;
}
+static int arp_hidden(u32 tip, struct net_device *dev)
+{
+ struct net_device *dev2;
+ struct in_device *in_dev2;
+ int ret = 0;
+
+ if (!IPV4_DEVCONF_ALL(dev_net(dev), HIDDEN))
+ return 0;
+
+ if ((dev2 = __ip_dev_find(dev_net(dev), tip, false)) && dev2 != dev &&
+ (in_dev2 = __in_dev_get_rcu(dev2)) && IN_DEV_HIDDEN(in_dev2))
+ ret = 1;
+ return ret;
+}
+
/* OBSOLETE FUNCTIONS */
/*
@@ -728,7 +806,7 @@ static int arp_process(struct sk_buff *s
struct arphdr *arp;
unsigned char *arp_ptr;
struct rtable *rt;
- unsigned char *sha;
+ unsigned char *sha, *tha;
__be32 sip, tip;
u16 dev_type = dev->type;
int addr_type;
@@ -794,6 +872,7 @@ static int arp_process(struct sk_buff *s
arp_ptr += dev->addr_len;
memcpy(&sip, arp_ptr, 4);
arp_ptr += 4;
+ tha = arp_ptr;
arp_ptr += dev->addr_len;
memcpy(&tip, arp_ptr, 4);
/*
@@ -830,9 +909,10 @@ static int arp_process(struct sk_buff *s
if (sip == 0) {
if (arp->ar_op == htons(ARPOP_REQUEST) &&
inet_addr_type(net, tip) == RTN_LOCAL &&
+ !arp_hidden(tip, dev) &&
!arp_ignore(in_dev, sip, tip))
- arp_send(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip, sha,
- dev->dev_addr, sha);
+ arpf_send(ARPA_TABLE_INPUT,net,
+ skb,sip,tip,sha,tha,dev,NULL);
goto out;
}
@@ -848,12 +928,13 @@ static int arp_process(struct sk_buff *s
dont_send = arp_ignore(in_dev, sip, tip);
if (!dont_send && IN_DEV_ARPFILTER(in_dev))
dont_send = arp_filter(sip, tip, dev);
+ if (!dont_send && skb->pkt_type != PACKET_HOST)
+ dont_send = arp_hidden(tip,dev);
if (!dont_send) {
n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
if (n) {
- arp_send(ARPOP_REPLY, ETH_P_ARP, sip,
- dev, tip, sha, dev->dev_addr,
- sha);
+ arpf_send(ARPA_TABLE_INPUT,net,
+ skb,sip,tip,sha,tha,dev,NULL);
neigh_release(n);
}
}
@@ -871,9 +952,9 @@ static int arp_process(struct sk_buff *s
if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED ||
skb->pkt_type == PACKET_HOST ||
in_dev->arp_parms->proxy_delay == 0) {
- arp_send(ARPOP_REPLY, ETH_P_ARP, sip,
- dev, tip, sha, dev->dev_addr,
- sha);
+ arpf_send(ARPA_TABLE_FORWARD,net,
+ skb,sip,tip,sha,tha,dev,
+ rt->dst.dev);
} else {
pneigh_enqueue(&arp_tbl,
in_dev->arp_parms, skb);
@@ -1258,6 +1339,548 @@ void arp_ifdown(struct net_device *dev)
}
+static void arpf_destroy(struct arpf_node *afp)
+{
+ if (!afp->at_dead) {
+ printk(KERN_ERR "Destroying alive arp table node %p from %08lx\n", afp,
+ *(((unsigned long*)&afp)-1));
+ return;
+ }
+ kmem_cache_free(arpf_cachep, afp);
+}
+
+static inline void arpf_put(struct arpf_node *afp)
+{
+ if (atomic_dec_and_test(&afp->at_refcnt))
+ arpf_destroy(afp);
+}
+
+static inline struct arpf_node *
+arpf_lookup(int table, struct sk_buff *skb, u32 sip, u32 tip,
+ unsigned char *from_hw, unsigned char *to_hw,
+ struct net_device *idev, struct net_device *odev)
+{
+ int sz_iif = idev? strlen(idev->name) : 0;
+ int sz_oif = odev? strlen(odev->name) : 0;
+ int alen;
+ struct arpf_node *afp;
+
+ if (ARPA_TABLE_OUTPUT != table) {
+ alen = idev->addr_len;
+ } else {
+ if (!from_hw) from_hw = odev->dev_addr;
+ if (!to_hw) to_hw = odev->broadcast;
+ alen = odev->addr_len;
+ }
+
+ read_lock(&arpf_lock);
+ for (afp = arp_tabs[table]; afp; afp = afp->at_next) {
+ if ((tip ^ afp->at_to) & afp->at_to_mask)
+ continue;
+ if ((sip ^ afp->at_from) & afp->at_from_mask)
+ continue;
+ if (afp->at_llfrom_len &&
+ (afp->at_llfrom_len > alen ||
+ memcmp(from_hw, afp->at_llfrom, afp->at_llfrom_len)))
+ continue;
+ if (afp->at_llto_len &&
+ (afp->at_llto_len > alen ||
+ memcmp(to_hw, afp->at_llto, afp->at_llto_len)))
+ continue;
+ if (afp->at_iif_len &&
+ (afp->at_iif_len > sz_iif ||
+ memcmp(afp->at_iif, idev->name, afp->at_iif_len) ||
+ (sz_iif != afp->at_iif_len &&
+ !(afp->at_flags & ARPM_F_WILDIIF))))
+ continue;
+ if (afp->at_oif_len &&
+ (afp->at_oif_len > sz_oif ||
+ memcmp(afp->at_oif, odev->name, afp->at_oif_len) ||
+ (sz_oif != afp->at_oif_len &&
+ !(afp->at_flags & ARPM_F_WILDOIF))))
+ continue;
+ if (afp->at_flags & ARPM_F_BROADCAST &&
+ skb->pkt_type == PACKET_HOST)
+ continue;
+ if (afp->at_flags & ARPM_F_UNICAST &&
+ skb->pkt_type != PACKET_HOST)
+ continue;
+ if (afp->at_llsrc_len && afp->at_llsrc_len != alen)
+ continue;
+ if (afp->at_lldst_len && afp->at_lldst_len != alen)
+ continue;
+ atomic_inc(&afp->at_packets);
+ break;
+ }
+ read_unlock(&arpf_lock);
+ return afp;
+}
+
+static void
+arpf_send(int table, struct net *net, struct sk_buff *skb, u32 sip, u32 tip,
+ unsigned char *from_hw, unsigned char *to_hw,
+ struct net_device *idev, struct net_device *odev)
+{
+ struct arpf_node *afp = NULL;
+
+ if (!arp_tabs[table] ||
+ net != &init_net ||
+ !(afp = arpf_lookup(table, skb, sip, tip,
+ from_hw, to_hw, idev, odev))) {
+ switch (table) {
+ case ARPA_TABLE_INPUT:
+ case ARPA_TABLE_FORWARD:
+ arp_send(ARPOP_REPLY, ETH_P_ARP, sip, idev, tip,
+ from_hw, idev->dev_addr, from_hw);
+ break;
+ case ARPA_TABLE_OUTPUT:
+ arp_send(ARPOP_REQUEST, ETH_P_ARP, tip, odev, sip,
+ to_hw, odev->dev_addr, NULL);
+ break;
+ }
+ return;
+ }
+
+ /* deny? */
+ if (!afp->at_action) goto out;
+
+ switch (table) {
+ case ARPA_TABLE_INPUT:
+ case ARPA_TABLE_FORWARD:
+ arp_send(ARPOP_REPLY, ETH_P_ARP, sip, idev, tip,
+ afp->at_lldst_len?afp->at_lldst:from_hw,
+ afp->at_llsrc_len?afp->at_llsrc:idev->dev_addr,
+ afp->at_lldst_len?afp->at_lldst:from_hw);
+ break;
+ case ARPA_TABLE_OUTPUT:
+ if (afp->at_flags & ARPM_F_PREFSRC && afp->at_src == 0) {
+ struct rtable *rt;
+ struct flowi4 fl4 = { .daddr = tip,
+ .flowi4_oif = odev->ifindex };
+
+ rt = ip_route_output_key(net, &fl4);
+ if (IS_ERR(rt))
+ break;
+ sip = rt->rt_src;
+ ip_rt_put(rt);
+ if (!sip)
+ break;
+ }
+ arp_send(ARPOP_REQUEST, ETH_P_ARP, tip, odev, afp->at_src?:sip,
+ afp->at_lldst_len?afp->at_lldst:to_hw,
+ afp->at_llsrc_len?afp->at_llsrc:odev->dev_addr,
+ NULL);
+ break;
+ }
+
+out:
+ arpf_put(afp);
+}
+
+static int
+arpf_fill_node(struct sk_buff *skb, u32 pid, u32 seq, unsigned flags,
+ int event, int table, struct arpf_node *afp)
+{
+ struct arpmsg *am;
+ struct nlmsghdr *nlh;
+ u32 packets = atomic_read(&afp->at_packets);
+
+ nlh = nlmsg_put(skb, pid, seq, event, sizeof(*am), 0);
+ if (nlh == NULL)
+ return -ENOBUFS;
+ nlh->nlmsg_flags = flags;
+ am = nlmsg_data(nlh);
+ am->arpm_family = AF_UNSPEC;
+ am->arpm_table = table;
+ am->arpm_action = afp->at_action;
+ am->arpm_from_len = afp->at_from_len;
+ am->arpm_to_len = afp->at_to_len;
+ am->arpm_pref = afp->at_pref;
+ am->arpm_flags = afp->at_flags;
+ if (afp->at_from_len)
+ NLA_PUT(skb, ARPA_FROM, 4, &afp->at_from);
+ if (afp->at_to_len)
+ NLA_PUT(skb, ARPA_TO, 4, &afp->at_to);
+ if (afp->at_src || afp->at_flags & ARPM_F_PREFSRC)
+ NLA_PUT(skb, ARPA_SRC, 4, &afp->at_src);
+ if (afp->at_iif[0])
+ NLA_PUT(skb, ARPA_IIF, sizeof(afp->at_iif), afp->at_iif);
+ if (afp->at_oif[0])
+ NLA_PUT(skb, ARPA_OIF, sizeof(afp->at_oif), afp->at_oif);
+ if (afp->at_llfrom_len)
+ NLA_PUT(skb, ARPA_LLFROM, afp->at_llfrom_len, afp->at_llfrom);
+ if (afp->at_llto_len)
+ NLA_PUT(skb, ARPA_LLTO, afp->at_llto_len, afp->at_llto);
+ if (afp->at_llsrc_len)
+ NLA_PUT(skb, ARPA_LLSRC, afp->at_llsrc_len, afp->at_llsrc);
+ if (afp->at_lldst_len)
+ NLA_PUT(skb, ARPA_LLDST, afp->at_lldst_len, afp->at_lldst);
+ NLA_PUT(skb, ARPA_PACKETS, 4, &packets);
+ return nlmsg_end(skb, nlh);
+
+nla_put_failure:
+ nlmsg_cancel(skb, nlh);
+ return -EMSGSIZE;
+}
+
+static void
+arpmsg_notify(struct sk_buff *oskb, struct nlmsghdr *nlh, int table,
+ struct arpf_node *afp, int event)
+{
+ struct sk_buff *skb;
+ u32 pid = oskb ? NETLINK_CB(oskb).pid : 0;
+ int payload = sizeof(struct arpmsg) + 256;
+ int err = -ENOBUFS;
+
+ skb = nlmsg_new(nlmsg_total_size(payload), GFP_KERNEL);
+ if (!skb)
+ goto errout;
+
+ err = arpf_fill_node(skb, pid, nlh->nlmsg_seq, 0, event, table, afp);
+ if (err < 0) {
+ kfree_skb(skb);
+ goto errout;
+ }
+
+ rtnl_notify(skb, &init_net, pid, RTNLGRP_ARP, nlh, GFP_KERNEL);
+ return;
+errout:
+ if (err < 0)
+ rtnl_set_sk_err(&init_net, RTNLGRP_ARP, err);
+}
+
+static inline int
+arpf_str_size(int a, struct rtattr **rta, int maxlen)
+{
+ int size = 0;
+
+ if (rta[a-1] && (size = RTA_PAYLOAD(rta[a-1]))) {
+ if (size > maxlen)
+ size = maxlen;
+ }
+ return size;
+}
+
+static inline int
+arpf_get_str(int a, struct rtattr **rta, unsigned char *p,
+ int maxlen, unsigned char *l)
+{
+ int size = arpf_str_size(a, rta, maxlen);
+
+ if (size) {
+ memcpy(p, RTA_DATA(rta[a-1]), size);
+ *l = size;
+ }
+ return size;
+}
+
+#define ARPF_MATCH_U32(ind, field) ( \
+ (!rta[ind-1] && r->at_ ## field == 0) || \
+ (rta[ind-1] && \
+ *(u32*) RTA_DATA(rta[ind-1]) == r->at_ ## field))
+
+#define ARPF_MATCH_STR(ind, field) ( \
+ (!rta[ind-1] && r->at_ ## field ## _len == 0) || \
+ (rta[ind-1] && r->at_ ## field ## _len && \
+ r->at_ ## field ## _len < RTA_PAYLOAD(rta[ind-1]) && \
+ strcmp(RTA_DATA(rta[ind-1]), r->at_ ## field) == 0))
+
+#define ARPF_MATCH_DATA(ind, field) ( \
+ (!rta[ind-1] && r->at_ ## field ## _len == 0) || \
+ (rta[ind-1] && r->at_ ## field ## _len && \
+ r->at_ ## field ## _len == RTA_PAYLOAD(rta[ind-1]) && \
+ memcmp(RTA_DATA(rta[ind-1]), &r->at_ ## field, \
+ r->at_ ## field ## _len) == 0))
+
+/* RTM_NEWARPRULE/RTM_DELARPRULE/RTM_GETARPRULE */
+
+int arpf_rule_ctl(struct sk_buff *skb, struct nlmsghdr* n, void *arg)
+{
+ struct rtattr **rta = arg;
+ struct arpmsg *am = NLMSG_DATA(n);
+ struct arpf_node *r, **rp, **prevp = 0, **delp = 0, *newp = 0;
+ unsigned pref = 1;
+ int size, ret = -EINVAL;
+
+ if (am->arpm_table >= sizeof(arp_tabs)/sizeof(arp_tabs[0]))
+ goto out;
+ if (!((~am->arpm_flags) & (ARPM_F_BROADCAST|ARPM_F_UNICAST)))
+ goto out;
+ if (am->arpm_action > 1)
+ goto out;
+ if (am->arpm_to_len > 32 || am->arpm_from_len > 32)
+ goto out;
+ if (am->arpm_flags & ARPM_F_WILDIIF &&
+ (!rta[ARPA_IIF-1] || !RTA_PAYLOAD(rta[ARPA_IIF-1]) ||
+ !*(char*)RTA_DATA(rta[ARPA_IIF-1])))
+ am->arpm_flags &= ~ARPM_F_WILDIIF;
+ if (am->arpm_flags & ARPM_F_WILDOIF &&
+ (!rta[ARPA_OIF-1] || !RTA_PAYLOAD(rta[ARPA_OIF-1]) ||
+ !*(char*)RTA_DATA(rta[ARPA_OIF-1])))
+ am->arpm_flags &= ~ARPM_F_WILDOIF;
+ switch (am->arpm_table) {
+ case ARPA_TABLE_INPUT:
+ if (rta[ARPA_SRC-1] || rta[ARPA_OIF-1])
+ goto out;
+ break;
+ case ARPA_TABLE_OUTPUT:
+ if (rta[ARPA_IIF-1])
+ goto out;
+ if (am->arpm_flags & (ARPM_F_BROADCAST|ARPM_F_UNICAST))
+ goto out;
+ break;
+ case ARPA_TABLE_FORWARD:
+ if (rta[ARPA_SRC-1])
+ goto out;
+ break;
+ }
+ if (rta[ARPA_SRC-1] && !*(u32*) RTA_DATA(rta[ARPA_SRC-1]))
+ am->arpm_flags |= ARPM_F_PREFSRC;
+ else
+ am->arpm_flags &= ~ARPM_F_PREFSRC;
+
+ for (rp = &arp_tabs[am->arpm_table]; (r=*rp) != NULL; rp=&r->at_next) {
+ if (pref < r->at_pref)
+ prevp = rp;
+ if (am->arpm_pref == r->at_pref ||
+ (!am->arpm_pref &&
+ am->arpm_to_len == r->at_to_len &&
+ am->arpm_from_len == r->at_from_len &&
+ !((am->arpm_flags ^ r->at_flags) &
+ (ARPM_F_BROADCAST | ARPM_F_UNICAST |
+ ARPM_F_WILDIIF | ARPM_F_WILDOIF)) &&
+ ARPF_MATCH_U32(ARPA_TO, to) &&
+ ARPF_MATCH_U32(ARPA_FROM, from) &&
+ ARPF_MATCH_DATA(ARPA_LLFROM, llfrom) &&
+ ARPF_MATCH_DATA(ARPA_LLTO, llto) &&
+ ARPF_MATCH_STR(ARPA_IIF, iif) &&
+ ARPF_MATCH_STR(ARPA_OIF, oif) &&
+ (n->nlmsg_type != RTM_DELARPRULE ||
+ /* DEL matches more keys */
+ (am->arpm_flags == r->at_flags &&
+ am->arpm_action == r->at_action &&
+ ARPF_MATCH_U32(ARPA_SRC, src) &&
+ ARPF_MATCH_DATA(ARPA_LLSRC, llsrc) &&
+ ARPF_MATCH_DATA(ARPA_LLDST, lldst)
+ )
+ )
+ )
+ )
+ break;
+ if (am->arpm_pref && r->at_pref > am->arpm_pref) {
+ r = NULL;
+ break;
+ }
+ pref = r->at_pref+1;
+ }
+
+ /*
+ * r=NULL: *rp != NULL (stopped before next pref), pref: not valid
+ * *rp == NULL (not found), pref: ready to use
+ * r!=NULL: found, pref: not valid
+ *
+ * prevp=NULL: no free slot
+ * prevp!=NULL: free slot for rule
+ */
+
+ if (n->nlmsg_type == RTM_DELARPRULE) {
+ if (!r)
+ return -ESRCH;
+ delp = rp;
+ goto dequeue;
+ }
+
+ if (r) {
+ /* Existing rule */
+ ret = -EEXIST;
+ if (n->nlmsg_flags&NLM_F_EXCL)
+ goto out;
+
+ if (n->nlmsg_flags&NLM_F_REPLACE) {
+ pref = r->at_pref;
+ prevp = delp = rp;
+ goto replace;
+ }
+ }
+
+ if (n->nlmsg_flags&NLM_F_APPEND) {
+ if (r) {
+ pref = r->at_pref+1;
+ for (rp=&r->at_next; (r=*rp) != NULL; rp=&r->at_next) {
+ if (pref != r->at_pref)
+ break;
+ pref ++;
+ }
+ ret = -EBUSY;
+ if (!pref)
+ goto out;
+ } else if (am->arpm_pref)
+ pref = am->arpm_pref;
+ prevp = rp;
+ }
+
+ if (!(n->nlmsg_flags&NLM_F_CREATE)) {
+ ret = -ENOENT;
+ if (n->nlmsg_flags&NLM_F_EXCL || r)
+ ret = 0;
+ goto out;
+ }
+
+ if (!(n->nlmsg_flags&NLM_F_APPEND)) {
+ if (!prevp) {
+ ret = -EBUSY;
+ if (r || *rp ||
+ (!am->arpm_pref && arp_tabs[am->arpm_table]))
+ goto out;
+ prevp = rp;
+ pref = am->arpm_pref? : 99;
+ } else {
+ if (r || !am->arpm_pref) {
+ pref = (*prevp)->at_pref - 1;
+ if (am->arpm_pref && am->arpm_pref < pref)
+ pref = am->arpm_pref;
+ } else {
+ prevp = rp;
+ pref = am->arpm_pref;
+ }
+ }
+ }
+
+replace:
+
+ ret = -ENOMEM;
+ r = kmem_cache_alloc(arpf_cachep, GFP_KERNEL);
+ if (!r)
+ return ret;
+ memset(r, 0, sizeof(*r));
+
+ arpf_get_str(ARPA_LLFROM, rta, r->at_llfrom, MAX_ADDR_LEN,
+ &r->at_llfrom_len);
+ arpf_get_str(ARPA_LLTO, rta, r->at_llto, MAX_ADDR_LEN,
+ &r->at_llto_len);
+ arpf_get_str(ARPA_LLSRC, rta, r->at_llsrc, MAX_ADDR_LEN,
+ &r->at_llsrc_len);
+ arpf_get_str(ARPA_LLDST, rta, r->at_lldst, MAX_ADDR_LEN,
+ &r->at_lldst_len);
+
+ if (delp)
+ r->at_next = (*delp)->at_next;
+ else if (*prevp)
+ r->at_next = *prevp;
+
+ r->at_pref = pref;
+ r->at_from_len = am->arpm_from_len;
+ r->at_from_mask = inet_make_mask(r->at_from_len);
+ if (rta[ARPA_FROM-1])
+ r->at_from = *(u32*) RTA_DATA(rta[ARPA_FROM-1]);
+ r->at_from &= r->at_from_mask;
+ r->at_to_len = am->arpm_to_len;
+ r->at_to_mask = inet_make_mask(r->at_to_len);
+ if (rta[ARPA_TO-1])
+ r->at_to = *(u32*) RTA_DATA(rta[ARPA_TO-1]);
+ r->at_to &= r->at_to_mask;
+ if (rta[ARPA_SRC-1])
+ r->at_src = *(u32*) RTA_DATA(rta[ARPA_SRC-1]);
+ if (rta[ARPA_PACKETS-1]) {
+ u32 packets = *(u32*) RTA_DATA(rta[ARPA_PACKETS-1]);
+ atomic_set(&r->at_packets, packets);
+ }
+ atomic_set(&r->at_refcnt, 1);
+ r->at_flags = am->arpm_flags;
+ r->at_action = am->arpm_action;
+
+ if (rta[ARPA_IIF-1] && (size = RTA_PAYLOAD(rta[ARPA_IIF-1]))) {
+ if (size >= sizeof(r->at_iif))
+ size = sizeof(r->at_iif)-1;
+ memcpy(r->at_iif, RTA_DATA(rta[ARPA_IIF-1]), size);
+ r->at_iif_len = strlen(r->at_iif);
+ }
+ if (rta[ARPA_OIF-1] && (size = RTA_PAYLOAD(rta[ARPA_OIF-1]))) {
+ if (size >= sizeof(r->at_oif))
+ size = sizeof(r->at_oif)-1;
+ memcpy(r->at_oif, RTA_DATA(rta[ARPA_OIF-1]), size);
+ r->at_oif_len = strlen(r->at_oif);
+ }
+
+ newp = r;
+
+dequeue:
+
+ if (delp) {
+ r = *delp;
+ write_lock_bh(&arpf_lock);
+ if (newp) {
+ if (!rta[ARPA_PACKETS-1])
+ atomic_set(&newp->at_packets,
+ atomic_read(&r->at_packets));
+ *delp = newp;
+ } else {
+ *delp = r->at_next;
+ }
+ r->at_dead = 1;
+ write_unlock_bh(&arpf_lock);
+ arpmsg_notify(skb, n, am->arpm_table, r, RTM_DELARPRULE);
+ arpf_put(r);
+ prevp = 0;
+ }
+
+ if (newp) {
+ if (prevp) {
+ write_lock_bh(&arpf_lock);
+ *prevp = newp;
+ write_unlock_bh(&arpf_lock);
+ }
+ arpmsg_notify(skb, n, am->arpm_table, newp, RTM_NEWARPRULE);
+ }
+
+ ret = 0;
+
+out:
+ return ret;
+}
+
+int arpf_dump_table(int t, struct sk_buff *skb, struct netlink_callback *cb)
+{
+ int idx, ret = -1;
+ struct arpf_node *afp;
+ int s_idx = cb->args[1];
+
+ for (idx=0, afp = arp_tabs[t]; afp; afp = afp->at_next, idx++) {
+ if (idx < s_idx)
+ continue;
+ if (arpf_fill_node(skb, NETLINK_CB(cb->skb).pid,
+ cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWARPRULE, t, afp) < 0)
+ goto out;
+ }
+
+ ret = skb->len;
+
+out:
+ cb->args[1] = idx;
+
+ return ret;
+}
+
+int arpf_dump_rules(struct sk_buff *skb, struct netlink_callback *cb)
+{
+ int idx;
+ int s_idx = cb->args[0];
+
+ read_lock_bh(&arpf_lock);
+ for (idx = 0; idx < sizeof(arp_tabs)/sizeof(arp_tabs[0]); idx++) {
+ if (idx < s_idx)
+ continue;
+ if (idx > s_idx)
+ memset(&cb->args[1], 0, sizeof(cb->args)-1*sizeof(cb->args[0]));
+ if (arpf_dump_table(idx, skb, cb) < 0)
+ break;
+ }
+ read_unlock_bh(&arpf_lock);
+ cb->args[0] = idx;
+
+ return skb->len;
+}
+
/*
* Called once on startup.
*/
@@ -1271,6 +1894,16 @@ static int arp_proc_init(void);
void __init arp_init(void)
{
+ arpf_cachep = kmem_cache_create("ip_arpf_cache",
+ sizeof(struct arpf_node), 0,
+ SLAB_HWCACHE_ALIGN, NULL);
+ if (!arpf_cachep)
+ panic("IP: failed to allocate ip_arpf_cache\n");
+
+ rtnl_register(PF_UNSPEC, RTM_NEWARPRULE, arpf_rule_ctl, NULL, NULL);
+ rtnl_register(PF_UNSPEC, RTM_DELARPRULE, arpf_rule_ctl, NULL, NULL);
+ rtnl_register(PF_UNSPEC, RTM_GETARPRULE, NULL, arpf_dump_rules, NULL);
+
neigh_table_init(&arp_tbl);
dev_add_pack(&arp_packet_type);
diff -urp v3.4/linux/net/ipv4/devinet.c linux/net/ipv4/devinet.c
--- v3.4/linux/net/ipv4/devinet.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/ipv4/devinet.c 2012-05-21 23:32:17.766747678 +0300
@@ -997,7 +997,8 @@ no_in_dev:
continue;
for_primary_ifa(in_dev) {
- if (ifa->ifa_scope != RT_SCOPE_LINK &&
+ if (!IN_DEV_HIDDEN(in_dev) &&
+ ifa->ifa_scope != RT_SCOPE_LINK &&
ifa->ifa_scope <= scope) {
addr = ifa->ifa_local;
goto out_unlock;
@@ -1601,14 +1602,18 @@ static struct devinet_sysctl_table {
DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
"accept_source_route"),
+ DEVINET_SYSCTL_RW_ENTRY(FORWARD_SHARED, "forward_shared"),
DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
+ DEVINET_SYSCTL_RW_ENTRY(RP_FILTER_MASK, "rp_filter_mask"),
DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
+ DEVINET_SYSCTL_RW_ENTRY(HIDDEN, "hidden"),
DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
+ DEVINET_SYSCTL_RW_ENTRY(LOOP, "loop"),
DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
diff -urp v3.4/linux/net/ipv4/fib_frontend.c linux/net/ipv4/fib_frontend.c
--- v3.4/linux/net/ipv4/fib_frontend.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/ipv4/fib_frontend.c 2012-05-21 23:32:17.770747678 +0300
@@ -47,6 +47,8 @@
#ifndef CONFIG_IP_MULTIPLE_TABLES
+#define FIB_RES_TABLE(r) (RT_TABLE_MAIN)
+
static int __net_init fib4_rules_init(struct net *net)
{
struct fib_table *local_table, *main_table;
@@ -71,6 +73,8 @@ fail:
}
#else
+#define FIB_RES_TABLE(r) (fib_result_table(r))
+
struct fib_table *fib_new_table(struct net *net, u32 id)
{
struct fib_table *tb;
@@ -190,14 +194,20 @@ EXPORT_SYMBOL(inet_dev_addr_type);
*/
int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, u8 tos,
int oif, struct net_device *dev, __be32 *spec_dst,
- u32 *itag)
+ u32 *itag, int our)
{
struct in_device *in_dev;
struct flowi4 fl4;
struct fib_result res;
+ int table;
+ unsigned char prefixlen;
+ unsigned char scope;
int no_addr, rpf, accept_local;
bool dev_match;
+ unsigned rpf_mask = 0;
int ret;
+ int fwdsh = 0;
+ int loop = 0;
struct net *net;
fl4.flowi4_oif = 0;
@@ -206,6 +216,7 @@ int fib_validate_source(struct sk_buff *
fl4.saddr = dst;
fl4.flowi4_tos = tos;
fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
+ fl4.fl4_gw = 0;
no_addr = rpf = accept_local = 0;
in_dev = __in_dev_get_rcu(dev);
@@ -217,6 +228,9 @@ int fib_validate_source(struct sk_buff *
accept_local = IN_DEV_ACCEPT_LOCAL(in_dev);
fl4.flowi4_mark = IN_DEV_SRC_VMARK(in_dev) ? skb->mark : 0;
+ fwdsh = IN_DEV_FORWARD_SHARED(in_dev);
+ rpf_mask = IN_DEV_RPFILTER_MASK(in_dev);
+ loop = IN_DEV_LOOP(in_dev);
}
if (in_dev == NULL)
@@ -225,6 +239,17 @@ int fib_validate_source(struct sk_buff *
net = dev_net(dev);
if (fib_lookup(net, &fl4, &res))
goto last_resort;
+ if (loop && res.type == RTN_LOCAL) {
+ *spec_dst = FIB_RES_PREFSRC(net, res);
+ return 0;
+ }
+ if (fwdsh) {
+ fwdsh = (res.type == RTN_LOCAL && !our);
+ if (fwdsh) {
+ rpf = 0;
+ accept_local = 1;
+ }
+ }
if (res.type != RTN_UNICAST) {
if (res.type != RTN_LOCAL || !accept_local)
goto e_inval;
@@ -250,19 +275,37 @@ int fib_validate_source(struct sk_buff *
ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
return ret;
}
+ if (rpf_mask && rpf) {
+ int omi = 0;
+
+ in_dev = __in_dev_get_rcu(FIB_RES_DEV(res));
+ if (in_dev)
+ omi = IN_DEV_MEDIUM_ID(in_dev);
+ if (omi >= 1 && omi <= 31 && ((1 << omi) & rpf_mask))
+ rpf = 0;
+ }
if (no_addr)
goto last_resort;
- if (rpf == 1)
- goto e_rpf;
+ table = FIB_RES_TABLE(&res);
+ prefixlen = res.prefixlen;
+ scope = res.scope;
fl4.flowi4_oif = dev->ifindex;
+ if (fwdsh)
+ fl4.flowi4_iif = net->loopback_dev->ifindex;
ret = 0;
if (fib_lookup(net, &fl4, &res) == 0) {
- if (res.type == RTN_UNICAST) {
+ if (res.type == RTN_UNICAST &&
+ ((table == FIB_RES_TABLE(&res) &&
+ res.prefixlen >= prefixlen && res.scope >= scope) ||
+ !rpf)) {
*spec_dst = FIB_RES_PREFSRC(net, res);
ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
+ return ret;
}
}
+ if (rpf == 1)
+ goto e_rpf;
return ret;
last_resort:
@@ -966,9 +1009,7 @@ static int fib_inetaddr_event(struct not
switch (event) {
case NETDEV_UP:
fib_add_ifaddr(ifa);
-#ifdef CONFIG_IP_ROUTE_MULTIPATH
fib_sync_up(dev);
-#endif
atomic_inc(&net->ipv4.dev_addr_genid);
rt_cache_flush(dev_net(dev), -1);
break;
@@ -1007,9 +1048,7 @@ static int fib_netdev_event(struct notif
for_ifa(in_dev) {
fib_add_ifaddr(ifa);
} endfor_ifa(in_dev);
-#ifdef CONFIG_IP_ROUTE_MULTIPATH
fib_sync_up(dev);
-#endif
atomic_inc(&net->ipv4.dev_addr_genid);
rt_cache_flush(dev_net(dev), -1);
break;
diff -urp v3.4/linux/net/ipv4/fib_lookup.h linux/net/ipv4/fib_lookup.h
--- v3.4/linux/net/ipv4/fib_lookup.h 2011-05-20 10:38:08.000000000 +0300
+++ linux/net/ipv4/fib_lookup.h 2012-05-21 23:32:17.770747678 +0300
@@ -8,6 +8,7 @@
struct fib_alias {
struct list_head fa_list;
struct fib_info *fa_info;
+ int fa_last_dflt;
u8 fa_tos;
u8 fa_type;
u8 fa_state;
@@ -38,7 +39,8 @@ extern struct fib_alias *fib_find_alias(
u8 tos, u32 prio);
extern int fib_detect_death(struct fib_info *fi, int order,
struct fib_info **last_resort,
- int *last_idx, int dflt);
+ int *last_idx, int *dflt, int *last_nhsel,
+ const struct flowi4 *flp);
static inline void fib_result_assign(struct fib_result *res,
struct fib_info *fi)
diff -urp v3.4/linux/net/ipv4/fib_rules.c linux/net/ipv4/fib_rules.c
--- v3.4/linux/net/ipv4/fib_rules.c 2012-03-20 00:05:19.000000000 +0200
+++ linux/net/ipv4/fib_rules.c 2012-05-21 23:32:17.770747678 +0300
@@ -54,6 +54,11 @@ u32 fib_rules_tclass(const struct fib_re
}
#endif
+int fib_result_table(struct fib_result *res)
+{
+ return res->r->table;
+}
+
int fib_lookup(struct net *net, struct flowi4 *flp, struct fib_result *res)
{
struct fib_lookup_arg arg = {
diff -urp v3.4/linux/net/ipv4/fib_semantics.c linux/net/ipv4/fib_semantics.c
--- v3.4/linux/net/ipv4/fib_semantics.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/ipv4/fib_semantics.c 2012-05-21 23:32:17.774747679 +0300
@@ -50,6 +50,7 @@ static struct hlist_head *fib_info_hash;
static struct hlist_head *fib_info_laddrhash;
static unsigned int fib_info_hash_size;
static unsigned int fib_info_cnt;
+DEFINE_RWLOCK(fib_nhflags_lock);
#define DEVINDEX_HASHBITS 8
#define DEVINDEX_HASHSIZE (1U << DEVINDEX_HASHBITS)
@@ -198,7 +199,7 @@ static inline int nh_comp(const struct f
#ifdef CONFIG_IP_ROUTE_CLASSID
nh->nh_tclassid != onh->nh_tclassid ||
#endif
- ((nh->nh_flags ^ onh->nh_flags) & ~RTNH_F_DEAD))
+ ((nh->nh_flags ^ onh->nh_flags) & ~RTNH_F_BADSTATE))
return -1;
onh++;
} endfor_nexthops(fi);
@@ -250,7 +251,7 @@ static struct fib_info *fib_find_info(co
nfi->fib_priority == fi->fib_priority &&
memcmp(nfi->fib_metrics, fi->fib_metrics,
sizeof(u32) * RTAX_MAX) == 0 &&
- ((nfi->fib_flags ^ fi->fib_flags) & ~RTNH_F_DEAD) == 0 &&
+ ((nfi->fib_flags ^ fi->fib_flags) & ~RTNH_F_BADSTATE) == 0 &&
(nfi->fib_nhs == 0 || nh_comp(fi, nfi) == 0))
return fi;
}
@@ -361,26 +362,70 @@ struct fib_alias *fib_find_alias(struct
}
int fib_detect_death(struct fib_info *fi, int order,
- struct fib_info **last_resort, int *last_idx, int dflt)
+ struct fib_info **last_resort, int *last_idx, int *dflt,
+ int *last_nhsel, const struct flowi4 *flp)
{
struct neighbour *n;
- int state = NUD_NONE;
+ int nhsel;
+ int state;
+ struct fib_nh * nh;
+ __be32 dst;
+ int flag, dead = 1;
+
+ /* change_nexthops(fi) { */
+ for (nhsel = 0, nh = fi->fib_nh; nhsel < fi->fib_nhs; nh++, nhsel++) {
+ if (flp->flowi4_oif && flp->flowi4_oif != nh->nh_oif)
+ continue;
+ if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw && nh->nh_gw &&
+ nh->nh_scope == RT_SCOPE_LINK)
+ continue;
+ if (nh->nh_flags & RTNH_F_DEAD)
+ continue;
- n = neigh_lookup(&arp_tbl, &fi->fib_nh[0].nh_gw, fi->fib_dev);
- if (n) {
- state = n->nud_state;
- neigh_release(n);
- }
- if (state == NUD_REACHABLE)
- return 0;
- if ((state & NUD_VALID) && order != dflt)
- return 0;
- if ((state & NUD_VALID) ||
- (*last_idx < 0 && order > dflt)) {
- *last_resort = fi;
- *last_idx = order;
+ flag = 0;
+ if (nh->nh_dev->flags & IFF_NOARP) {
+ dead = 0;
+ goto setfl;
+ }
+
+ dst = nh->nh_gw;
+ if (!nh->nh_gw || nh->nh_scope != RT_SCOPE_LINK)
+ dst = flp->daddr;
+
+ state = NUD_NONE;
+ n = neigh_lookup(&arp_tbl, &dst, nh->nh_dev);
+ if (n) {
+ state = n->nud_state;
+ neigh_release(n);
+ }
+ if (state == NUD_REACHABLE ||
+ ((state & NUD_VALID) && order != *dflt)) {
+ dead = 0;
+ goto setfl;
+ }
+ if (!(state & NUD_VALID))
+ flag = 1;
+ if (!dead)
+ goto setfl;
+ if ((state & NUD_VALID) ||
+ (*last_idx < 0 && order >= *dflt)) {
+ *last_resort = fi;
+ *last_idx = order;
+ *last_nhsel = nhsel;
+ }
+
+ setfl:
+
+ read_lock_bh(&fib_nhflags_lock);
+ if (flag)
+ nh->nh_flags |= RTNH_F_SUSPECT;
+ else
+ nh->nh_flags &= ~RTNH_F_SUSPECT;
+ read_unlock_bh(&fib_nhflags_lock);
}
- return 1;
+ /* } endfor_nexthops(fi) */
+
+ return dead;
}
#ifdef CONFIG_IP_ROUTE_MULTIPATH
@@ -549,8 +594,11 @@ static int fib_check_nh(struct fib_confi
dev = __dev_get_by_index(net, nh->nh_oif);
if (!dev)
return -ENODEV;
- if (!(dev->flags & IFF_UP))
- return -ENETDOWN;
+ if (!(dev->flags & IFF_UP)) {
+ if (fi->fib_protocol != RTPROT_STATIC)
+ return -ENETDOWN;
+ nh->nh_flags |= RTNH_F_DEAD;
+ }
nh->nh_dev = dev;
dev_hold(dev);
nh->nh_scope = RT_SCOPE_LINK;
@@ -568,21 +616,41 @@ static int fib_check_nh(struct fib_confi
if (fl4.flowi4_scope < RT_SCOPE_LINK)
fl4.flowi4_scope = RT_SCOPE_LINK;
err = fib_lookup(net, &fl4, &res);
- if (err) {
- rcu_read_unlock();
- return err;
+ }
+ if (err) {
+ struct in_device *in_dev;
+
+ if (err != -ENETUNREACH ||
+ fi->fib_protocol != RTPROT_STATIC)
+ goto out;
+
+ in_dev = inetdev_by_index(net, nh->nh_oif);
+ if (in_dev == NULL ||
+ in_dev->dev->flags & IFF_UP)
+ goto out;
+ nh->nh_flags |= RTNH_F_DEAD;
+ nh->nh_scope = RT_SCOPE_LINK;
+ nh->nh_dev = in_dev->dev;
+ dev_hold(nh->nh_dev);
+ } else {
+ err = -EINVAL;
+ if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
+ goto out;
+ nh->nh_scope = res.scope;
+ nh->nh_oif = FIB_RES_OIF(res);
+ nh->nh_dev = dev = FIB_RES_DEV(res);
+ if (!dev)
+ goto out;
+ dev_hold(dev);
+ if (!(nh->nh_dev->flags & IFF_UP)) {
+ if (fi->fib_protocol != RTPROT_STATIC) {
+ err = -ENETDOWN;
+ goto out;
+ }
+ nh->nh_flags |= RTNH_F_DEAD;
}
+ err = 0;
}
- err = -EINVAL;
- if (res.type != RTN_UNICAST && res.type != RTN_LOCAL)
- goto out;
- nh->nh_scope = res.scope;
- nh->nh_oif = FIB_RES_OIF(res);
- nh->nh_dev = dev = FIB_RES_DEV(res);
- if (!dev)
- goto out;
- dev_hold(dev);
- err = (dev->flags & IFF_UP) ? 0 : -ENETDOWN;
} else {
struct in_device *in_dev;
@@ -595,8 +663,11 @@ static int fib_check_nh(struct fib_confi
if (in_dev == NULL)
goto out;
err = -ENETDOWN;
- if (!(in_dev->dev->flags & IFF_UP))
- goto out;
+ if (!(in_dev->dev->flags & IFF_UP)) {
+ if (fi->fib_protocol != RTPROT_STATIC)
+ goto out;
+ nh->nh_flags |= RTNH_F_DEAD;
+ }
nh->nh_dev = in_dev->dev;
dev_hold(nh->nh_dev);
nh->nh_scope = RT_SCOPE_HOST;
@@ -1049,18 +1120,29 @@ int fib_sync_down_dev(struct net_device
prev_fi = fi;
dead = 0;
change_nexthops(fi) {
- if (nexthop_nh->nh_flags & RTNH_F_DEAD)
- dead++;
- else if (nexthop_nh->nh_dev == dev &&
- nexthop_nh->nh_scope != scope) {
- nexthop_nh->nh_flags |= RTNH_F_DEAD;
+ if (nexthop_nh->nh_flags & RTNH_F_DEAD) {
+ if (fi->fib_protocol != RTPROT_STATIC ||
+ nexthop_nh->nh_dev == NULL ||
+ __in_dev_get_rtnl(nexthop_nh->nh_dev) == NULL ||
+ nexthop_nh->nh_dev->flags&IFF_UP)
+ dead++;
+ } else if (nexthop_nh->nh_dev == dev &&
+ nexthop_nh->nh_scope != scope) {
+ write_lock_bh(&fib_nhflags_lock);
#ifdef CONFIG_IP_ROUTE_MULTIPATH
- spin_lock_bh(&fib_multipath_lock);
+ spin_lock(&fib_multipath_lock);
+ nexthop_nh->nh_flags |= RTNH_F_DEAD;
fi->fib_power -= nexthop_nh->nh_power;
nexthop_nh->nh_power = 0;
- spin_unlock_bh(&fib_multipath_lock);
+ spin_unlock(&fib_multipath_lock);
+#else
+ nexthop_nh->nh_flags |= RTNH_F_DEAD;
#endif
- dead++;
+ write_unlock_bh(&fib_nhflags_lock);
+ if (fi->fib_protocol!=RTPROT_STATIC ||
+ force ||
+ __in_dev_get_rtnl(dev) == NULL)
+ dead++;
}
#ifdef CONFIG_IP_ROUTE_MULTIPATH
if (force > 1 && nexthop_nh->nh_dev == dev) {
@@ -1079,12 +1161,12 @@ int fib_sync_down_dev(struct net_device
}
/* Must be invoked inside of an RCU protected region. */
-void fib_select_default(struct fib_result *res)
+void fib_select_default(const struct flowi4 *flp, struct fib_result *res)
{
struct fib_info *fi = NULL, *last_resort = NULL;
struct list_head *fa_head = res->fa_head;
- struct fib_table *tb = res->table;
- int order = -1, last_idx = -1;
+ int order = -1, last_idx = -1, last_dflt = -2, last_nhsel = 0;
+ struct fib_alias *first_fa = NULL;
struct fib_alias *fa;
list_for_each_entry_rcu(fa, fa_head, fa_list) {
@@ -1094,21 +1176,21 @@ void fib_select_default(struct fib_resul
fa->fa_type != RTN_UNICAST)
continue;
+ if (fa->fa_tos && fa->fa_tos != flp->flowi4_tos)
+ continue;
if (next_fi->fib_priority > res->fi->fib_priority)
break;
- if (!next_fi->fib_nh[0].nh_gw ||
- next_fi->fib_nh[0].nh_scope != RT_SCOPE_LINK)
- continue;
fib_alias_accessed(fa);
- if (fi == NULL) {
- if (next_fi != res->fi)
- break;
- } else if (!fib_detect_death(fi, order, &last_resort,
- &last_idx, tb->tb_default)) {
+ if (!first_fa) {
+ last_dflt = fa->fa_last_dflt;
+ first_fa = fa;
+ }
+ if (fi && !fib_detect_death(fi, order, &last_resort,
+ &last_idx, &last_dflt, &last_nhsel, flp)) {
fib_result_assign(res, fi);
- tb->tb_default = order;
+ first_fa->fa_last_dflt = order;
goto out;
}
fi = next_fi;
@@ -1116,29 +1198,38 @@ void fib_select_default(struct fib_resul
}
if (order <= 0 || fi == NULL) {
- tb->tb_default = -1;
+ if (fi && fi->fib_nhs > 1 &&
+ fib_detect_death(fi, order, &last_resort, &last_idx,
+ &last_dflt, &last_nhsel, flp) &&
+ last_resort == fi) {
+ read_lock_bh(&fib_nhflags_lock);
+ fi->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
+ read_unlock_bh(&fib_nhflags_lock);
+ }
+ if (first_fa) first_fa->fa_last_dflt = -1;
goto out;
}
if (!fib_detect_death(fi, order, &last_resort, &last_idx,
- tb->tb_default)) {
+ &last_dflt, &last_nhsel, flp)) {
fib_result_assign(res, fi);
- tb->tb_default = order;
+ first_fa->fa_last_dflt = order;
goto out;
}
- if (last_idx >= 0)
+ if (last_idx >= 0) {
fib_result_assign(res, last_resort);
- tb->tb_default = last_idx;
+ read_lock_bh(&fib_nhflags_lock);
+ last_resort->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
+ read_unlock_bh(&fib_nhflags_lock);
+ first_fa->fa_last_dflt = last_idx;
+ }
out:
return;
}
-#ifdef CONFIG_IP_ROUTE_MULTIPATH
-
/*
- * Dead device goes up. We wake up dead nexthops.
- * It takes sense only on multipath routes.
++ Dead device goes up or new address is added. We wake up dead nexthops.
*/
int fib_sync_up(struct net_device *dev)
{
@@ -1147,8 +1238,10 @@ int fib_sync_up(struct net_device *dev)
struct hlist_head *head;
struct hlist_node *node;
struct fib_nh *nh;
- int ret;
+ struct fib_result res;
+ int ret, rep;
+repeat:
if (!(dev->flags & IFF_UP))
return 0;
@@ -1156,6 +1249,7 @@ int fib_sync_up(struct net_device *dev)
hash = fib_devindex_hashfn(dev->ifindex);
head = &fib_info_devhash[hash];
ret = 0;
+ rep = 0;
hlist_for_each_entry(nh, node, head, nh_hash) {
struct fib_info *fi = nh->nh_parent;
@@ -1168,21 +1262,44 @@ int fib_sync_up(struct net_device *dev)
prev_fi = fi;
alive = 0;
change_nexthops(fi) {
- if (!(nexthop_nh->nh_flags & RTNH_F_DEAD)) {
- alive++;
+ if (!(nexthop_nh->nh_flags & RTNH_F_DEAD))
continue;
- }
if (nexthop_nh->nh_dev == NULL ||
!(nexthop_nh->nh_dev->flags & IFF_UP))
continue;
if (nexthop_nh->nh_dev != dev ||
!__in_dev_get_rtnl(dev))
continue;
+ if (nexthop_nh->nh_gw && fi->fib_protocol == RTPROT_STATIC) {
+ struct flowi4 fl4 = {
+ .daddr = nexthop_nh->nh_gw,
+ .flowi4_scope = nexthop_nh->nh_scope,
+ .flowi4_oif = nexthop_nh->nh_oif,
+ };
+
+ rcu_read_lock();
+ if (fib_lookup(dev_net(dev), &fl4, &res) != 0) {
+ rcu_read_unlock();
+ continue;
+ }
+ if (res.type != RTN_UNICAST &&
+ res.type != RTN_LOCAL) {
+ rcu_read_unlock();
+ continue;
+ }
+ nexthop_nh->nh_scope = res.scope;
+ rcu_read_unlock();
+ rep = 1;
+ }
alive++;
+#ifdef CONFIG_IP_ROUTE_MULTIPATH
spin_lock_bh(&fib_multipath_lock);
nexthop_nh->nh_power = 0;
+#endif
nexthop_nh->nh_flags &= ~RTNH_F_DEAD;
+#ifdef CONFIG_IP_ROUTE_MULTIPATH
spin_unlock_bh(&fib_multipath_lock);
+#endif
} endfor_nexthops(fi)
if (alive > 0) {
@@ -1190,35 +1307,61 @@ int fib_sync_up(struct net_device *dev)
ret++;
}
}
+ if (rep)
+ goto repeat;
return ret;
}
+#ifdef CONFIG_IP_ROUTE_MULTIPATH
+
/*
* The algorithm is suboptimal, but it provides really
* fair weighted route distribution.
*/
-void fib_select_multipath(struct fib_result *res)
+void fib_select_multipath(const struct flowi4 *flp, struct fib_result *res)
{
struct fib_info *fi = res->fi;
- int w;
+ int w, alive;
spin_lock_bh(&fib_multipath_lock);
+ if (flp->flowi4_oif) {
+ int sel = -1;
+ w = -1;
+ change_nexthops(fi) {
+ if (flp->flowi4_oif != nexthop_nh->nh_oif)
+ continue;
+ if (flp->fl4_gw && flp->fl4_gw != nexthop_nh->nh_gw &&
+ nexthop_nh->nh_gw &&
+ nexthop_nh->nh_scope == RT_SCOPE_LINK)
+ continue;
+ if (!(nexthop_nh->nh_flags & RTNH_F_BADSTATE)) {
+ if (nexthop_nh->nh_power > w) {
+ w = nexthop_nh->nh_power;
+ sel = nhsel;
+ }
+ }
+ } endfor_nexthops(fi);
+ if (sel >= 0) {
+ spin_unlock_bh(&fib_multipath_lock);
+ res->nh_sel = sel;
+ return;
+ }
+ goto last_resort;
+ }
+
+repeat:
if (fi->fib_power <= 0) {
int power = 0;
change_nexthops(fi) {
- if (!(nexthop_nh->nh_flags & RTNH_F_DEAD)) {
+ if (!(nexthop_nh->nh_flags & RTNH_F_BADSTATE)) {
power += nexthop_nh->nh_weight;
nexthop_nh->nh_power = nexthop_nh->nh_weight;
}
} endfor_nexthops(fi);
fi->fib_power = power;
- if (power <= 0) {
- spin_unlock_bh(&fib_multipath_lock);
- /* Race condition: route has just become dead. */
- res->nh_sel = 0;
- return;
- }
+ if (power <= 0)
+ goto last_resort;
}
@@ -1228,8 +1371,9 @@ void fib_select_multipath(struct fib_res
w = jiffies % fi->fib_power;
+ alive = 0;
change_nexthops(fi) {
- if (!(nexthop_nh->nh_flags & RTNH_F_DEAD) &&
+ if (!(nexthop_nh->nh_flags & RTNH_F_BADSTATE) &&
nexthop_nh->nh_power) {
w -= nexthop_nh->nh_power;
if (w <= 0) {
@@ -1239,11 +1383,29 @@ void fib_select_multipath(struct fib_res
spin_unlock_bh(&fib_multipath_lock);
return;
}
+ alive = 1;
+ }
+ } endfor_nexthops(fi);
+ if (alive) {
+ fi->fib_power = 0;
+ goto repeat;
+ }
+
+last_resort:
+ for_nexthops(fi) {
+ if (!(nh->nh_flags & RTNH_F_DEAD)) {
+ if (flp->flowi4_oif && flp->flowi4_oif != nh->nh_oif)
+ continue;
+ if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
+ nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
+ continue;
+ spin_unlock_bh(&fib_multipath_lock);
+ res->nh_sel = nhsel;
+ return;
}
} endfor_nexthops(fi);
/* Race condition: route has just become dead. */
- res->nh_sel = 0;
spin_unlock_bh(&fib_multipath_lock);
}
#endif
diff -urp v3.4/linux/net/ipv4/fib_trie.c linux/net/ipv4/fib_trie.c
--- v3.4/linux/net/ipv4/fib_trie.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/ipv4/fib_trie.c 2012-05-21 23:32:17.778747680 +0300
@@ -1279,6 +1279,7 @@ int fib_table_insert(struct fib_table *t
fi_drop = fa->fa_info;
new_fa->fa_tos = fa->fa_tos;
new_fa->fa_info = fi;
+ new_fa->fa_last_dflt = -1;
new_fa->fa_type = cfg->fc_type;
state = fa->fa_state;
new_fa->fa_state = state & ~FA_S_ACCESSED;
@@ -1317,6 +1318,7 @@ int fib_table_insert(struct fib_table *t
new_fa->fa_tos = tos;
new_fa->fa_type = cfg->fc_type;
new_fa->fa_state = 0;
+ new_fa->fa_last_dflt = -1;
/*
* Insert new entry to the list.
*/
@@ -1391,6 +1393,9 @@ static int check_leaf(struct fib_table *
continue;
if (flp->flowi4_oif && flp->flowi4_oif != nh->nh_oif)
continue;
+ if (flp->fl4_gw && flp->fl4_gw != nh->nh_gw &&
+ nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
+ continue;
#ifdef CONFIG_IP_FIB_TRIE_STATS
t->stats.semantic_match_passed++;
diff -urp v3.4/linux/net/ipv4/netfilter/ipt_MASQUERADE.c linux/net/ipv4/netfilter/ipt_MASQUERADE.c
--- v3.4/linux/net/ipv4/netfilter/ipt_MASQUERADE.c 2012-03-20 00:05:19.000000000 +0200
+++ linux/net/ipv4/netfilter/ipt_MASQUERADE.c 2012-05-21 23:32:17.778747680 +0300
@@ -51,7 +51,7 @@ masquerade_tg(struct sk_buff *skb, const
enum ip_conntrack_info ctinfo;
struct nf_nat_ipv4_range newrange;
const struct nf_nat_ipv4_multi_range_compat *mr;
- const struct rtable *rt;
+ struct rtable *rt;
__be32 newsrc;
NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
@@ -69,13 +69,27 @@ masquerade_tg(struct sk_buff *skb, const
return NF_ACCEPT;
mr = par->targinfo;
- rt = skb_rtable(skb);
- newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
- if (!newsrc) {
- pr_info("%s ate my IP address\n", par->out->name);
- return NF_DROP;
+
+ {
+ struct flowi4 fl4 = { .flowi4_tos = RT_TOS(ip_hdr(skb)->tos),
+ .flowi4_mark = skb->mark,
+ .flowi4_oif = par->out->ifindex,
+ .daddr = ip_hdr(skb)->daddr,
+ .fl4_gw = skb_rtable(skb)->rt_gateway };
+ rt = ip_route_output_key(dev_net(par->out), &fl4);
+ if (IS_ERR(rt)) {
+ /* Funky routing can do this. */
+ if (net_ratelimit())
+ pr_info("%s:"
+ " No route: Rusty's brain broke!\n",
+ par->out->name);
+ return NF_DROP;
+ }
}
+ newsrc = rt->rt_src;
+ ip_rt_put(rt);
+
nat->masq_index = par->out->ifindex;
/* Transfer from original range. */
diff -urp v3.4/linux/net/ipv4/netfilter/nf_nat_core.c linux/net/ipv4/netfilter/nf_nat_core.c
--- v3.4/linux/net/ipv4/netfilter/nf_nat_core.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/ipv4/netfilter/nf_nat_core.c 2012-05-21 23:32:17.778747680 +0300
@@ -691,6 +691,52 @@ static struct nf_ct_helper_expectfn foll
.expectfn = nf_nat_follow_master,
};
+unsigned int
+ip_nat_route_input(unsigned int hooknum,
+ struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ struct iphdr *iph;
+ struct nf_conn *conn;
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ unsigned long statusbit;
+ __be32 saddr;
+
+ if (!(conn = nf_ct_get(skb, &ctinfo)))
+ return NF_ACCEPT;
+
+ if (!(conn->status & IPS_NAT_DONE_MASK))
+ return NF_ACCEPT;
+ dir = CTINFO2DIR(ctinfo);
+ statusbit = IPS_SRC_NAT;
+ if (dir == IP_CT_DIR_REPLY)
+ statusbit ^= IPS_NAT_MASK;
+ if (!(conn->status & statusbit))
+ return NF_ACCEPT;
+
+ if (skb_dst(skb))
+ return NF_ACCEPT;
+
+ if (skb->len < sizeof(struct iphdr))
+ return NF_ACCEPT;
+
+ /* use daddr in other direction as masquerade address (lsrc) */
+ iph = ip_hdr(skb);
+ saddr = conn->tuplehash[!dir].tuple.dst.u3.ip;
+ if (saddr == iph->saddr)
+ return NF_ACCEPT;
+
+ if (ip_route_input_lookup(skb, iph->daddr, iph->saddr, iph->tos,
+ skb->dev, saddr))
+ return NF_DROP;
+
+ return NF_ACCEPT;
+}
+EXPORT_SYMBOL_GPL(ip_nat_route_input);
+
static int __init nf_nat_init(void)
{
size_t i;
diff -urp v3.4/linux/net/ipv4/netfilter/nf_nat_standalone.c linux/net/ipv4/netfilter/nf_nat_standalone.c
--- v3.4/linux/net/ipv4/netfilter/nf_nat_standalone.c 2012-03-20 00:05:19.000000000 +0200
+++ linux/net/ipv4/netfilter/nf_nat_standalone.c 2012-05-21 23:32:17.782747681 +0300
@@ -250,6 +250,14 @@ static struct nf_hook_ops nf_nat_ops[] _
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_NAT_DST,
},
+ /* Before routing, route before mangling */
+ {
+ .hook = ip_nat_route_input,
+ .owner = THIS_MODULE,
+ .pf = NFPROTO_IPV4,
+ .hooknum = NF_INET_PRE_ROUTING,
+ .priority = NF_IP_PRI_LAST-1,
+ },
/* After packet filtering, change source */
{
.hook = nf_nat_out,
diff -urp v3.4/linux/net/ipv4/route.c linux/net/ipv4/route.c
--- v3.4/linux/net/ipv4/route.c 2012-05-21 23:04:39.000000000 +0300
+++ linux/net/ipv4/route.c 2012-05-21 23:32:17.786747682 +0300
@@ -738,6 +738,8 @@ static inline int compare_keys(struct rt
return (((__force u32)rt1->rt_key_dst ^ (__force u32)rt2->rt_key_dst) |
((__force u32)rt1->rt_key_src ^ (__force u32)rt2->rt_key_src) |
(rt1->rt_mark ^ rt2->rt_mark) |
+ ((__force u32)rt1->rt_key_lsrc ^ (__force u32)rt2->rt_key_lsrc) |
+ ((__force u32)rt1->rt_key_gw ^ (__force u32)rt2->rt_key_gw) |
(rt1->rt_key_tos ^ rt2->rt_key_tos) |
(rt1->rt_route_iif ^ rt2->rt_route_iif) |
(rt1->rt_oif ^ rt2->rt_oif)) == 0;
@@ -1419,6 +1421,8 @@ static void check_peer_redir(struct dst_
rt->rt_gateway = orig_gw;
return;
}
+ if (rt->rt_key_gw)
+ rt->rt_key_gw = rt->rt_gateway;
old_n = xchg(&rt->dst._neighbour, n);
if (old_n)
neigh_release(old_n);
@@ -1962,6 +1966,8 @@ static void rt_init_metrics(struct rtabl
if (peer->redirect_learned.a4 &&
peer->redirect_learned.a4 != rt->rt_gateway) {
rt->rt_gateway = peer->redirect_learned.a4;
+ if (rt->rt_key_gw)
+ rt->rt_key_gw = rt->rt_gateway;
rt->rt_flags |= RTCF_REDIRECTED;
}
} else {
@@ -2037,7 +2043,7 @@ static int ip_route_input_mc(struct sk_b
spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
} else {
err = fib_validate_source(skb, saddr, 0, tos, 0, dev, &spec_dst,
- &itag);
+ &itag, our);
if (err < 0)
goto e_err;
}
@@ -2053,6 +2059,8 @@ static int ip_route_input_mc(struct sk_b
rth->rt_key_dst = daddr;
rth->rt_key_src = saddr;
+ rth->rt_key_lsrc = 0;
+ rth->rt_key_gw = daddr;
rth->rt_genid = rt_genid(dev_net(dev));
rth->rt_flags = RTCF_MULTICAST;
rth->rt_type = RTN_MULTICAST;
@@ -2122,7 +2130,7 @@ static int __mkroute_input(struct sk_buf
const struct fib_result *res,
struct in_device *in_dev,
__be32 daddr, __be32 saddr, u32 tos,
- struct rtable **result)
+ __be32 lsrc, struct rtable **result)
{
struct rtable *rth;
int err;
@@ -2141,7 +2149,7 @@ static int __mkroute_input(struct sk_buf
err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
- in_dev->dev, &spec_dst, &itag);
+ in_dev->dev, &spec_dst, &itag, 0);
if (err < 0) {
ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
saddr);
@@ -2153,6 +2161,7 @@ static int __mkroute_input(struct sk_buf
flags |= RTCF_DIRECTSRC;
if (out_dev == in_dev && err &&
+ !lsrc &&
(IN_DEV_SHARED_MEDIA(out_dev) ||
inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
flags |= RTCF_DOREDIRECT;
@@ -2182,6 +2191,8 @@ static int __mkroute_input(struct sk_buf
rth->rt_key_dst = daddr;
rth->rt_key_src = saddr;
+ rth->rt_key_lsrc = lsrc;
+ rth->rt_key_gw = 0;
rth->rt_genid = rt_genid(dev_net(rth->dst.dev));
rth->rt_flags = flags;
rth->rt_type = res->type;
@@ -2211,21 +2222,23 @@ static int __mkroute_input(struct sk_buf
static int ip_mkroute_input(struct sk_buff *skb,
struct fib_result *res,
+ struct net *net,
const struct flowi4 *fl4,
struct in_device *in_dev,
- __be32 daddr, __be32 saddr, u32 tos)
+ __be32 daddr, __be32 saddr, u32 tos, __be32 lsrc)
{
struct rtable* rth = NULL;
int err;
unsigned hash;
+ fib_select_default(fl4, res);
#ifdef CONFIG_IP_ROUTE_MULTIPATH
if (res->fi && res->fi->fib_nhs > 1)
- fib_select_multipath(res);
+ fib_select_multipath(fl4, res);
#endif
/* create a routing cache entry */
- err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, &rth);
+ err = __mkroute_input(skb, res, in_dev, daddr, saddr, tos, lsrc, &rth);
if (err)
return err;
@@ -2250,7 +2263,7 @@ static int ip_mkroute_input(struct sk_bu
*/
static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
- u8 tos, struct net_device *dev)
+ u8 tos, struct net_device *dev, __be32 lsrc)
{
struct fib_result res;
struct in_device *in_dev = __in_dev_get_rcu(dev);
@@ -2288,22 +2301,32 @@ static int ip_route_input_slow(struct sk
if (ipv4_is_zeronet(daddr) || ipv4_is_loopback(daddr))
goto martian_destination;
+ if (lsrc) {
+ if (ipv4_is_multicast(lsrc) || ipv4_is_lbcast(lsrc) ||
+ ipv4_is_zeronet(lsrc) || ipv4_is_loopback(lsrc))
+ goto e_inval;
+ }
+
/*
* Now we are ready to route packet.
*/
fl4.flowi4_oif = 0;
- fl4.flowi4_iif = dev->ifindex;
+ fl4.flowi4_iif = lsrc ?
+ dev_net(dev)->loopback_dev->ifindex : dev->ifindex;
fl4.flowi4_mark = skb->mark;
fl4.flowi4_tos = tos;
fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
fl4.daddr = daddr;
- fl4.saddr = saddr;
+ fl4.saddr = lsrc? : saddr;
+ fl4.fl4_gw = 0;
err = fib_lookup(net, &fl4, &res);
if (err != 0) {
if (!IN_DEV_FORWARD(in_dev))
goto e_hostunreach;
goto no_route;
}
+ fl4.flowi4_iif = dev->ifindex;
+ fl4.saddr = saddr;
RT_CACHE_STAT_INC(in_slow_tot);
@@ -2313,7 +2336,7 @@ static int ip_route_input_slow(struct sk
if (res.type == RTN_LOCAL) {
err = fib_validate_source(skb, saddr, daddr, tos,
net->loopback_dev->ifindex,
- dev, &spec_dst, &itag);
+ dev, &spec_dst, &itag, 1);
if (err < 0)
goto martian_source_keep_err;
if (err)
@@ -2327,18 +2350,21 @@ static int ip_route_input_slow(struct sk
if (res.type != RTN_UNICAST)
goto martian_destination;
- err = ip_mkroute_input(skb, &res, &fl4, in_dev, daddr, saddr, tos);
+ err = ip_mkroute_input(skb, &res, net, &fl4, in_dev, daddr, saddr,
+ tos, lsrc);
out: return err;
brd_input:
if (skb->protocol != htons(ETH_P_IP))
goto e_inval;
+ if (lsrc)
+ goto e_inval;
if (ipv4_is_zeronet(saddr))
spec_dst = inet_select_addr(dev, 0, RT_SCOPE_LINK);
else {
err = fib_validate_source(skb, saddr, 0, tos, 0, dev, &spec_dst,
- &itag);
+ &itag, 1);
if (err < 0)
goto martian_source_keep_err;
if (err)
@@ -2362,6 +2388,8 @@ local_input:
rth->rt_key_dst = daddr;
rth->rt_key_src = saddr;
+ rth->rt_key_lsrc = 0;
+ rth->rt_key_gw = 0;
rth->rt_genid = rt_genid(net);
rth->rt_flags = flags|RTCF_LOCAL;
rth->rt_type = res.type;
@@ -2430,8 +2458,9 @@ martian_source_keep_err:
goto out;
}
-int ip_route_input_common(struct sk_buff *skb, __be32 daddr, __be32 saddr,
- u8 tos, struct net_device *dev, bool noref)
+int ip_route_input_cached(struct sk_buff *skb, __be32 daddr, __be32 saddr,
+ u8 tos, struct net_device *dev, bool noref,
+ __be32 lsrc)
{
struct rtable * rth;
unsigned hash;
@@ -2454,6 +2483,7 @@ int ip_route_input_common(struct sk_buff
if ((((__force u32)rth->rt_key_dst ^ (__force u32)daddr) |
((__force u32)rth->rt_key_src ^ (__force u32)saddr) |
(rth->rt_route_iif ^ iif) |
+ (rth->rt_key_lsrc ^ lsrc) |
(rth->rt_key_tos ^ tos)) == 0 &&
rth->rt_mark == skb->mark &&
net_eq(dev_net(rth->dst.dev), net) &&
@@ -2507,12 +2537,25 @@ skip_cache:
rcu_read_unlock();
return -EINVAL;
}
- res = ip_route_input_slow(skb, daddr, saddr, tos, dev);
+ res = ip_route_input_slow(skb, daddr, saddr, tos, dev, lsrc);
rcu_read_unlock();
return res;
}
+
+int ip_route_input_common(struct sk_buff *skb, __be32 daddr, __be32 saddr,
+ u8 tos, struct net_device *dev, bool noref)
+{
+ return ip_route_input_cached(skb, daddr, saddr, tos, dev, noref, 0);
+}
EXPORT_SYMBOL(ip_route_input_common);
+int ip_route_input_lookup(struct sk_buff *skb, __be32 daddr, __be32 saddr,
+ u8 tos, struct net_device *dev, __be32 lsrc)
+{
+ return ip_route_input_cached(skb, daddr, saddr, tos, dev, true, lsrc);
+}
+EXPORT_SYMBOL(ip_route_input_lookup);
+
/* called with rcu_read_lock() */
static struct rtable *__mkroute_output(const struct fib_result *res,
const struct flowi4 *fl4,
@@ -2569,6 +2612,8 @@ static struct rtable *__mkroute_output(c
rth->rt_key_dst = orig_daddr;
rth->rt_key_src = orig_saddr;
+ rth->rt_key_lsrc = 0;
+ rth->rt_key_gw = fl4->fl4_gw;
rth->rt_genid = rt_genid(dev_net(dev_out));
rth->rt_flags = flags;
rth->rt_type = type;
@@ -2729,6 +2774,7 @@ static struct rtable *ip_route_output_sl
fl4->daddr = fl4->saddr = htonl(INADDR_LOOPBACK);
dev_out = net->loopback_dev;
fl4->flowi4_oif = net->loopback_dev->ifindex;
+ fl4->fl4_gw = 0;
res.type = RTN_LOCAL;
flags |= RTCF_LOCAL;
goto make_route;
@@ -2766,6 +2812,27 @@ static struct rtable *ip_route_output_sl
}
if (res.type == RTN_LOCAL) {
+ struct in_device *in_dev;
+ __be32 src;
+
+ dev_out = FIB_RES_DEV(res);
+ in_dev = __in_dev_get_rcu(dev_out);
+ src = fl4->saddr? : FIB_RES_PREFSRC(net, res);
+ if (in_dev && IN_DEV_LOOP(in_dev) && src) {
+ struct net_device *dev_src;
+
+ dev_src = __ip_dev_find(net, src, false);
+ if (dev_src && dev_src != dev_out &&
+ (in_dev = __in_dev_get_rcu(dev_src)) &&
+ IN_DEV_LOOP(in_dev)) {
+ dev_out = dev_src;
+ fl4->saddr = src;
+ fl4->flowi4_oif = dev_out->ifindex;
+ res.type = RTN_UNICAST;
+ res.fi = NULL;
+ goto make_route;
+ }
+ }
if (!fl4->saddr) {
if (res.fi->fib_prefsrc)
fl4->saddr = res.fi->fib_prefsrc;
@@ -2774,20 +2841,18 @@ static struct rtable *ip_route_output_sl
}
dev_out = net->loopback_dev;
fl4->flowi4_oif = dev_out->ifindex;
+ fl4->fl4_gw = 0;
res.fi = NULL;
flags |= RTCF_LOCAL;
goto make_route;
}
+ if (res.type == RTN_UNICAST)
+ fib_select_default(fl4, &res);
#ifdef CONFIG_IP_ROUTE_MULTIPATH
- if (res.fi->fib_nhs > 1 && fl4->flowi4_oif == 0)
- fib_select_multipath(&res);
- else
+ if (res.fi->fib_nhs > 1)
+ fib_select_multipath(fl4, &res);
#endif
- if (!res.prefixlen &&
- res.table->tb_num_default > 1 &&
- res.type == RTN_UNICAST && !fl4->flowi4_oif)
- fib_select_default(&res);
if (!fl4->saddr)
fl4->saddr = FIB_RES_PREFSRC(net, res);
@@ -2829,6 +2894,7 @@ struct rtable *__ip_route_output_key(str
rth->rt_key_src == flp4->saddr &&
rt_is_output_route(rth) &&
rth->rt_oif == flp4->flowi4_oif &&
+ rth->rt_key_gw == flp4->fl4_gw &&
rth->rt_mark == flp4->flowi4_mark &&
!((rth->rt_key_tos ^ flp4->flowi4_tos) &
(IPTOS_RT_MASK | RTO_ONLINK)) &&
@@ -2906,6 +2972,8 @@ struct dst_entry *ipv4_blackhole_route(s
rt->rt_key_dst = ort->rt_key_dst;
rt->rt_key_src = ort->rt_key_src;
+ rt->rt_key_lsrc = ort->rt_key_lsrc;
+ rt->rt_key_gw = ort->rt_key_gw ? ort->rt_gateway : 0;
rt->rt_key_tos = ort->rt_key_tos;
rt->rt_route_iif = ort->rt_route_iif;
rt->rt_iif = ort->rt_iif;
Reference in a new issue View git blame Copy permalink