From: David Ahern <dsahern@kernel.org>
To: netdev@vger.kernel.org, davem@davemloft.net
Cc: christian@brauner.io, jbenc@redhat.com,
stephen@networkplumber.org, David Ahern <dsahern@gmail.com>
Subject: [PATCH RFC v2 net-next 24/25] net: Plumb support for filtering ipv4 and ipv6 multicast route dumps
Date: Mon, 1 Oct 2018 17:28:50 -0700 [thread overview]
Message-ID: <20181002002851.5002-25-dsahern@kernel.org> (raw)
In-Reply-To: <20181002002851.5002-1-dsahern@kernel.org>
From: David Ahern <dsahern@gmail.com>
Implement kernel side filtering of routes by egress device index and
table id.
Signed-off-by: David Ahern <dsahern@gmail.com>
---
include/linux/mroute_base.h | 5 +++--
net/ipv4/ipmr.c | 2 +-
net/ipv4/ipmr_base.c | 42 +++++++++++++++++++++++++++++++++++++++++-
net/ipv6/ip6mr.c | 2 +-
4 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/include/linux/mroute_base.h b/include/linux/mroute_base.h
index 6675b9f81979..8fc516c47a64 100644
--- a/include/linux/mroute_base.h
+++ b/include/linux/mroute_base.h
@@ -7,6 +7,7 @@
#include <net/net_namespace.h>
#include <net/sock.h>
#include <net/fib_notifier.h>
+#include <net/ip_fib.h>
/**
* struct vif_device - interface representor for multicast routing
@@ -290,7 +291,7 @@ int mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb,
struct sk_buff *skb,
u32 portid, u32 seq, struct mr_mfc *c,
int cmd, int flags),
- spinlock_t *lock);
+ spinlock_t *lock, struct fib_dump_filter *filter);
int mr_dump(struct net *net, struct notifier_block *nb, unsigned short family,
int (*rules_dump)(struct net *net,
@@ -340,7 +341,7 @@ mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb,
struct sk_buff *skb,
u32 portid, u32 seq, struct mr_mfc *c,
int cmd, int flags),
- spinlock_t *lock)
+ spinlock_t *lock, struct fib_dump_filter *filter)
{
return -EINVAL;
}
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 9e9ad60dff6b..2fe24009439a 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -2538,7 +2538,7 @@ static int ipmr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
}
return mr_rtm_dumproute(skb, cb, ipmr_mr_table_iter,
- _ipmr_fill_mroute, &mfc_unres_lock);
+ _ipmr_fill_mroute, &mfc_unres_lock, &filter);
}
static const struct nla_policy rtm_ipmr_policy[RTA_MAX + 1] = {
diff --git a/net/ipv4/ipmr_base.c b/net/ipv4/ipmr_base.c
index 1ad9aa62a97b..a4f83cbf033d 100644
--- a/net/ipv4/ipmr_base.c
+++ b/net/ipv4/ipmr_base.c
@@ -268,6 +268,24 @@ int mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
}
EXPORT_SYMBOL(mr_fill_mroute);
+static bool mr_mfc_uses_dev(const struct mr_table *mrt,
+ const struct mr_mfc *c,
+ const struct net_device *dev)
+{
+ int ct;
+
+ for (ct = c->mfc_un.res.minvif; ct < c->mfc_un.res.maxvif; ct++) {
+ if (VIF_EXISTS(mrt, ct) && c->mfc_un.res.ttls[ct] < 255) {
+ const struct vif_device *vif;
+
+ vif = &mrt->vif_table[ct];
+ if (vif->dev == dev)
+ return true;
+ }
+ }
+ return false;
+}
+
int mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb,
struct mr_table *(*iter)(struct net *net,
struct mr_table *mrt),
@@ -275,17 +293,35 @@ int mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb,
struct sk_buff *skb,
u32 portid, u32 seq, struct mr_mfc *c,
int cmd, int flags),
- spinlock_t *lock)
+ spinlock_t *lock, struct fib_dump_filter *filter)
{
unsigned int t = 0, e = 0, s_t = cb->args[0], s_e = cb->args[1];
struct net *net = sock_net(skb->sk);
struct mr_table *mrt;
struct mr_mfc *mfc;
+ /* multicast does not use tos or scope, track protocol or have
+ * route type other than RTN_MULTICAST
+ */
+ if (filter->tos || filter->protocol || filter->scope || filter->flags ||
+ (filter->rt_type && filter->rt_type != RTN_MULTICAST))
+ return 0;
+
rcu_read_lock();
+
+ if (filter->ifindex) {
+ filter->dev = dev_get_by_index_rcu(net, filter->ifindex);
+ if (!filter->dev) {
+ rcu_read_unlock();
+ return -ENODEV;
+ }
+ }
+
for (mrt = iter(net, NULL); mrt; mrt = iter(net, mrt)) {
if (t < s_t)
goto next_table;
+ if (filter->table_id && filter->table_id != mrt->id)
+ goto next_table;
list_for_each_entry_rcu(mfc, &mrt->mfc_cache_list, list) {
if (e < s_e)
goto next_entry;
@@ -303,6 +339,10 @@ int mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb,
list_for_each_entry(mfc, &mrt->mfc_unres_queue, list) {
if (e < s_e)
goto next_entry2;
+ if (filter->dev &&
+ !mr_mfc_uses_dev(mrt, mfc, filter->dev))
+ goto next_entry2;
+
if (fill(mrt, skb, NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq, mfc,
RTM_NEWROUTE, NLM_F_MULTI) < 0) {
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index b3084b2c8f88..08e2443ca0cc 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -2444,5 +2444,5 @@ static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
}
return mr_rtm_dumproute(skb, cb, ip6mr_mr_table_iter,
- _ip6mr_fill_mroute, &mfc_unres_lock);
+ _ip6mr_fill_mroute, &mfc_unres_lock, &filter);
}
--
2.11.0
next prev parent reply other threads:[~2018-10-02 7:09 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-02 0:28 [PATCH RFC v2 net-next 00/25] rtnetlink: Add support for rigid checking of data in dump request David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 01/25] net/netlink: Pass extack to dump callbacks David Ahern
2018-10-02 11:07 ` Christian Brauner
2018-10-02 0:28 ` [PATCH RFC v2 net-next 02/25] net/ipv6: Refactor address dump to push inet6_fill_args to in6_dump_addrs David Ahern
2018-10-02 10:54 ` Jiri Benc
2018-10-02 11:03 ` Christian Brauner
2018-10-02 11:07 ` Jiri Benc
2018-10-02 11:09 ` Christian Brauner
2018-10-02 15:11 ` David Ahern
2018-10-02 16:24 ` Jiri Benc
2018-10-02 0:28 ` [PATCH RFC v2 net-next 03/25] netlink: introduce NLM_F_DUMP_PROPER_HDR flag David Ahern
2018-10-02 11:06 ` Jiri Benc
2018-10-02 11:18 ` Christian Brauner
2018-10-02 11:27 ` Jiri Benc
2018-10-02 14:57 ` David Ahern
2018-10-02 16:30 ` Jiri Benc
2018-10-02 19:20 ` David Ahern
2018-10-02 14:55 ` David Ahern
2018-10-02 16:33 ` Jiri Benc
2018-10-02 0:28 ` [PATCH RFC v2 net-next 04/25] net/ipv4: Update inet_dump_ifaddr to support NLM_F_DUMP_PROPER_HDR David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 05/25] net/ipv6: Update inet6_dump_addr " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 06/25] rtnetlink: Update rtnl_dump_ifinfo " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 07/25] rtnetlink: Update rtnl_bridge_getlink " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 08/25] rtnetlink: Update rtnl_stats_dump " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 09/25] rtnetlink: Update inet6_dump_ifinfo " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 10/25] rtnetlink: Update ipmr_rtm_dumplink " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 11/25] rtnetlink: Update fib dumps " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 12/25] net/neigh: Refactor dump filter handling David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 13/25] net/neighbor: Update neigh_dump_info to support NLM_F_DUMP_PROPER_HDR David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 14/25] net/neighbor: Update neightbl_dump_info " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 15/25] net/namespace: Update rtnl_net_dumpid " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 16/25] net/fib_rules: Update fib_nl_dumprule " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 17/25] net/ipv6: Update ip6addrlbl_dump " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 18/25] net: Update netconf dump handlers " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 19/25] net/bridge: Update br_mdb_dump " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 20/25] net: Add struct for fib dump filter David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 21/25] net/ipv4: Plumb support for filtering route dumps David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 22/25] net/ipv6: " David Ahern
2018-10-02 0:28 ` [PATCH RFC v2 net-next 23/25] net/mpls: " David Ahern
2018-10-02 0:28 ` David Ahern [this message]
2018-10-02 0:28 ` [PATCH RFC v2 net-next 25/25] net: Enable kernel side filtering of " David Ahern
2018-10-03 14:59 ` [PATCH RFC v2 net-next 00/25] rtnetlink: Add support for rigid checking of data in dump request Stephen Hemminger
2018-10-03 15:21 ` David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181002002851.5002-25-dsahern@kernel.org \
--to=dsahern@kernel.org \
--cc=christian@brauner.io \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=jbenc@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.