From: jamal <hadi@cyberus.ca>
To: KOVACS Krisztian <hidden@balabit.hu>
Cc: KOVACS Krisztian <hidden@sch.bme.hu>,
Patrick McHardy <kaber@trash.net>,
Andreas Schultz <aschultz@warp10.net>,
tproxy@lists.balabit.hu, netdev@vger.kernel.org
Subject: Re: [tproxy,regression] tproxy broken in 2.6.32
Date: Tue, 01 Dec 2009 08:34:48 -0500
Message-ID: <1259674488.3168.45.camel@bigi>
In-Reply-To: <1259589577.873.30.camel@bigi>
[-- Attachment #1: Type: text/plain, Size: 247 bytes --]
On Mon, 2009-11-30 at 08:59 -0500, jamal wrote:
> [I could move the check into fib_validate, but that would punish other
> users with a few extra cycles].
As in the following patch (gleaned from Patrick's patch on send to self)
cheers,
jamal
[-- Attachment #2: fib-val-sysctl2 --]
[-- Type: text/x-patch, Size: 2734 bytes --]
diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index ad27c7d..9cd0bcf 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -83,6 +83,7 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev)
#define IN_DEV_FORWARD(in_dev) IN_DEV_CONF_GET((in_dev), FORWARDING)
#define IN_DEV_MFORWARD(in_dev) IN_DEV_ANDCONF((in_dev), MC_FORWARDING)
#define IN_DEV_RPFILTER(in_dev) IN_DEV_MAXCONF((in_dev), RP_FILTER)
+#define IN_DEV_SRC_VMARK(in_dev) IN_DEV_ORCONF((in_dev), SRC_VMARK)
#define IN_DEV_SOURCE_ROUTE(in_dev) IN_DEV_ANDCONF((in_dev), \
ACCEPT_SOURCE_ROUTE)
#define IN_DEV_BOOTP_RELAY(in_dev) IN_DEV_ANDCONF((in_dev), BOOTP_RELAY)
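Review bot: IN_DEV_SRC_VMARK combines the global and per-device values with IN_DEV_ORCONF, and nothing in the patch says why, although IN_DEV_RPFILTER directly above it uses IN_DEV_MAXCONF. With OR semantics, setting the "all" value enables mark validation on every interface and a per-interface 0 cannot switch it off again. Since the flag only matters together with reverse-path filtering, add a short comment or a changelog line stating that this is the intended behaviour.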
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 1e4743e..843f71b 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -490,6 +490,7 @@ enum
NET_IPV4_CONF_PROMOTE_SECONDARIES=20,
NET_IPV4_CONF_ARP_ACCEPT=21,
NET_IPV4_CONF_ARP_NOTIFY=22,
+ NET_IPV4_CONF_SRC_VMARK=23,
__NET_IPV4_CONF_MAX
};
diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
index b6e7aae..469193c 100644
--- a/kernel/sysctl_check.c
+++ b/kernel/sysctl_check.c
@@ -220,6 +220,7 @@ static const struct trans_ctl_table trans_net_ipv4_conf_vars_table[] = {
{ NET_IPV4_CONF_PROMOTE_SECONDARIES, "promote_secondaries" },
{ NET_IPV4_CONF_ARP_ACCEPT, "arp_accept" },
{ NET_IPV4_CONF_ARP_NOTIFY, "arp_notify" },
+ { NET_IPV4_CONF_SRC_VMARK, "src_valid_mark" },
{}
};
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 5df2f6a..0030e73 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1450,6 +1450,7 @@ static struct devinet_sysctl_table {
DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
"accept_source_route"),
+ DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
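Review bot: The new writable "src_valid_mark" entry is exposed to user space here without any documentation; none of the five files in this patch describes the knob. Add an entry next to rp_filter in Documentation/networking/ip-sysctl.txt explaining that, when the value is 0, fib_validate_source() ignores the packet mark for source validation, and how the "all" and per-interface values combine.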
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index aa00398..b489135 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -241,16 +241,19 @@ int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
.iif = oif };
struct fib_result res;
- int no_addr, rpf;
+ int no_addr, rpf, validate_mark;
int ret;
struct net *net;
- no_addr = rpf = 0;
+ no_addr = rpf = validate_mark = 0;
rcu_read_lock();
in_dev = __in_dev_get_rcu(dev);
if (in_dev) {
no_addr = in_dev->ifa_list == NULL;
rpf = IN_DEV_RPFILTER(in_dev);
+ validate_mark = IN_DEV_SRC_VMARK(in_dev);
+ if (!validate_mark)
+ mark = 0;
}
rcu_read_unlock();
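Review bot: The "mark = 0;" assignment in the if (in_dev) block clears only the local variable, and it runs after the flow key initializer (the one ending in ".iif = oif };") has already been evaluated. If that initializer copies mark into the key, the lookup still sees the original mark and the new sysctl has no effect; clear the mark field of the flow key instead, or build the key after this block. Two smaller points: validate_mark is read only once in the visible lines, so "if (!IN_DEV_SRC_VMARK(in_dev))" would do without the extra variable, and when in_dev is NULL the mark is left as passed even though validation was never enabled.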