[IPV6] ROUTE: Routing by FWMARK.

Based on patch by Jean Lorchat <lorchat@sfc.wide.ad.jp>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
This commit is contained in:
YOSHIFUJI Hideaki 2006-08-21 19:22:01 +09:00 committed by David S. Miller
parent 2cc67cc731
commit 75bff8f023
5 changed files with 34 additions and 1 deletions

View file

@ -34,7 +34,7 @@ enum
FRA_UNUSED3, FRA_UNUSED3,
FRA_UNUSED4, FRA_UNUSED4,
FRA_UNUSED5, FRA_UNUSED5,
FRA_FWMARK, /* netfilter mark (IPv4) */ FRA_FWMARK, /* netfilter mark (IPv4/IPv6) */
FRA_FLOW, /* flow/class id */ FRA_FLOW, /* flow/class id */
FRA_UNUSED6, FRA_UNUSED6,
FRA_UNUSED7, FRA_UNUSED7,

View file

@ -26,6 +26,7 @@ struct flowi {
struct { struct {
struct in6_addr daddr; struct in6_addr daddr;
struct in6_addr saddr; struct in6_addr saddr;
__u32 fwmark;
__u32 flowlabel; __u32 flowlabel;
} ip6_u; } ip6_u;
@ -42,6 +43,7 @@ struct flowi {
#define fld_scope nl_u.dn_u.scope #define fld_scope nl_u.dn_u.scope
#define fl6_dst nl_u.ip6_u.daddr #define fl6_dst nl_u.ip6_u.daddr
#define fl6_src nl_u.ip6_u.saddr #define fl6_src nl_u.ip6_u.saddr
#define fl6_fwmark nl_u.ip6_u.fwmark
#define fl6_flowlabel nl_u.ip6_u.flowlabel #define fl6_flowlabel nl_u.ip6_u.flowlabel
#define fl4_dst nl_u.ip4_u.daddr #define fl4_dst nl_u.ip4_u.daddr
#define fl4_src nl_u.ip4_u.saddr #define fl4_src nl_u.ip4_u.saddr

View file

@ -173,3 +173,10 @@ config IPV6_MULTIPLE_TABLES
---help--- ---help---
Support multiple routing tables. Support multiple routing tables.
config IPV6_ROUTE_FWMARK
bool "IPv6: use netfilter MARK value as routing key"
depends on IPV6_MULTIPLE_TABLES && NETFILTER
---help---
If you say Y here, you will be able to specify different routes for
packets with different mark values (see iptables(8), MARK target).

View file

@ -26,6 +26,9 @@ struct fib6_rule
struct fib_rule common; struct fib_rule common;
struct rt6key src; struct rt6key src;
struct rt6key dst; struct rt6key dst;
#ifdef CONFIG_IPV6_ROUTE_FWMARK
u8 fwmark;
#endif
u8 tclass; u8 tclass;
}; };
@ -124,6 +127,11 @@ static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
if (r->tclass && r->tclass != ((ntohl(fl->fl6_flowlabel) >> 20) & 0xff)) if (r->tclass && r->tclass != ((ntohl(fl->fl6_flowlabel) >> 20) & 0xff))
return 0; return 0;
#ifdef CONFIG_IPV6_ROUTE_FWMARK
if (r->fwmark && (r->fwmark != fl->fl6_fwmark))
return 0;
#endif
return 1; return 1;
} }
@ -164,6 +172,11 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
nla_memcpy(&rule6->dst.addr, tb[FRA_DST], nla_memcpy(&rule6->dst.addr, tb[FRA_DST],
sizeof(struct in6_addr)); sizeof(struct in6_addr));
#ifdef CONFIG_IPV6_ROUTE_FWMARK
if (tb[FRA_FWMARK])
rule6->fwmark = nla_get_u32(tb[FRA_FWMARK]);
#endif
rule6->src.plen = frh->src_len; rule6->src.plen = frh->src_len;
rule6->dst.plen = frh->dst_len; rule6->dst.plen = frh->dst_len;
rule6->tclass = frh->tos; rule6->tclass = frh->tos;
@ -195,6 +208,11 @@ static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
nla_memcmp(tb[FRA_DST], &rule6->dst.addr, sizeof(struct in6_addr))) nla_memcmp(tb[FRA_DST], &rule6->dst.addr, sizeof(struct in6_addr)))
return 0; return 0;
#ifdef CONFIG_IPV6_ROUTE_FWMARK
if (tb[FRA_FWMARK] && (rule6->fwmark != nla_get_u32(tb[FRA_FWMARK])))
return 0;
#endif
return 1; return 1;
} }
@ -216,6 +234,11 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
NLA_PUT(skb, FRA_SRC, sizeof(struct in6_addr), NLA_PUT(skb, FRA_SRC, sizeof(struct in6_addr),
&rule6->src.addr); &rule6->src.addr);
#ifdef CONFIG_IPV6_ROUTE_FWMARK
if (rule6->fwmark)
NLA_PUT_U32(skb, FRA_FWMARK, rule6->fwmark);
#endif
return 0; return 0;
nla_put_failure: nla_put_failure:

View file

@ -703,6 +703,7 @@ void ip6_route_input(struct sk_buff *skb)
.ip6_u = { .ip6_u = {
.daddr = iph->daddr, .daddr = iph->daddr,
.saddr = iph->saddr, .saddr = iph->saddr,
.fwmark = skb->nfmark,
.flowlabel = (* (u32 *) iph)&IPV6_FLOWINFO_MASK, .flowlabel = (* (u32 *) iph)&IPV6_FLOWINFO_MASK,
}, },
}, },