[PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.

[PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.

[YOSHIFUJI Hideaki / 吉藤英明]

When looking up route for destination with rules with
source address restrictions, we may need to find a source
address for the traffic if not given.

Based on patch from Noriaki TAKAMIYA <takamiya@po.ntts.co.jp>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
 include/linux/fib_rules.h |    7 +++++--
 net/ipv6/fib6_rules.c     |   34 +++++++++++++++++++++++++++++++---
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h
index 8270aac..2bbfa87 100644
--- a/include/linux/fib_rules.h
+++ b/include/linux/fib_rules.h
@@ -5,8 +5,11 @@
 #include <linux/rtnetlink.h>
 
 /* rule is permanent, and cannot be deleted */
-#define FIB_RULE_PERMANENT	1
-#define FIB_RULE_INVERT		2
+#define FIB_RULE_PERMANENT	0x00000001
+#define FIB_RULE_INVERT		0x00000002
+
+/* try to find source address in routing lookups */
+#define	FIB_RULE_FIND_SADDR	0x00010000
 
 struct fib_rule_hdr
 {
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index f0f0e8c..514a743 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -17,6 +17,7 @@
 
 #include <net/fib_rules.h>
 #include <net/ipv6.h>
+#include <net/addrconf.h>
 #include <net/ip6_route.h>
 #include <net/netlink.h>
 
@@ -95,8 +96,27 @@ static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
 	if (table)
 		rt = lookup(table, flp, flags);
 
-	if (rt != &ip6_null_entry)
+	if (rt != &ip6_null_entry) {
+		struct fib6_rule *r = (struct fib6_rule *)rule;
+
+		/*
+		 * If we need to find a source address for this traffic,
+		 * we check the result if it meets requirement of the rule.
+		 */
+		if ((rule->flags & FIB_RULE_FIND_SADDR) &&
+		    r->src.plen && !(flags & RT6_LOOKUP_F_HAS_SADDR)) {
+			struct in6_addr saddr;
+			if (ipv6_get_saddr(&rt->u.dst, &flp->fl6_dst,
+					   &saddr))
+				goto again;
+			if (!ipv6_prefix_equal(&saddr, &r->src.addr,
+					       r->src.plen))
+				goto again;
+			ipv6_addr_copy(&flp->fl6_src, &saddr);
+		}
 		goto out;
+	}
+again:
 	dst_release(&rt->u.dst);
 	rt = NULL;
 	goto out;
@@ -117,9 +137,17 @@ static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
 	    !ipv6_prefix_equal(&fl->fl6_dst, &r->dst.addr, r->dst.plen))
 		return 0;
 
+	/*
+	 * If FIB_RULE_FIND_SADDR is set and we do not have a
+	 * source address for the traffic, we defer check for
+	 * source address.
+	 */
 	if (r->src.plen) {
-		if (!(flags & RT6_LOOKUP_F_HAS_SADDR) ||
-		    !ipv6_prefix_equal(&fl->fl6_src, &r->src.addr, r->src.plen))
+		if (flags & RT6_LOOKUP_F_HAS_SADDR) {
+			if (!ipv6_prefix_equal(&fl->fl6_src, &r->src.addr,
+					       r->src.plen))
+				return 0;
+		} else if (!(r->common.flags & FIB_RULE_FIND_SADDR))
 			return 0;
 	}
 
-- 
1.4.4.1.g562ce

Re: [PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.

[Thomas Graf]

* YOSHIFUJI Hideaki / ?$B5HF#1QL@ <yoshfuji@linux-ipv6.org> 2007-03-27 22:45
> When looking up route for destination with rules with
> source address restrictions, we may need to find a source
> address for the traffic if not given.

Out of curiosity, what sort of rules would have this flag set?
The majority of lookups don't provide a valid source address.
This new address search could become very expensive, because
none of the results are cached.

> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
> ---
>  include/linux/fib_rules.h |    7 +++++--
>  net/ipv6/fib6_rules.c     |   34 +++++++++++++++++++++++++++++++---
>  2 files changed, 36 insertions(+), 5 deletions(-)
> 
> diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h
> index 8270aac..2bbfa87 100644
> --- a/include/linux/fib_rules.h
> +++ b/include/linux/fib_rules.h
> @@ -5,8 +5,11 @@
>  #include <linux/rtnetlink.h>
>  
>  /* rule is permanent, and cannot be deleted */
> -#define FIB_RULE_PERMANENT	1
> -#define FIB_RULE_INVERT		2
> +#define FIB_RULE_PERMANENT	0x00000001
> +#define FIB_RULE_INVERT		0x00000002
> +
> +/* try to find source address in routing lookups */
> +#define	FIB_RULE_FIND_SADDR	0x00010000
>  
>  struct fib_rule_hdr
>  {

This chunk won't apply to latest net-2.6.22, I've added two more
flags yesterday.

Ethernet Frame Generation

[Simba]

Greetings,

I am new to this list. I have a very special question.

I am currently working on a new l2/l3 protocol (just for
research reasons) and i would like to make a test implementation
in the linux kernel.

For this i need to modify the ethernet header and replace it
with my header. The payload of this header holds the raw data, or
an TCP segment, or an UDP datagram.

The problem is, that i try to find out, where this code is located
in the kernel source.

I found out, that most of the ethernet handling can be found in eth.c
I am just not sure, if there are other dependencies which i need to
have a look at. I tried to find more information on the internet but
couldnt actually.

So if you can help me with this question i would really really 
appreciate it.
I am quite new to this, and i am sorry, if it sounds like a silly 
question for some of you.

The implementation should at the moment only go that far, that i can
make two patched linux boxes to talk to each other.

Thanks for your help

Greetings
Christoph Kellner

Re: Ethernet Frame Generation

[Evgeniy Polyakov]

On Tue, Mar 27, 2007 at 05:27:42PM +0200, Simba (simba@lionking.at) wrote:
> I am currently working on a new l2/l3 protocol (just for
> research reasons) and i would like to make a test implementation
> in the linux kernel.
> 
> For this i need to modify the ethernet header and replace it
> with my header. The payload of this header holds the raw data, or
> an TCP segment, or an UDP datagram.

How will your hardware handle that new protocol?

Anyway, you need to setup skb and call driver's ->hard_start_xmit() 
callback under tx lock with check if driver allows to transmit data.

Check net/pktgen.c -> pktgen_xmit() function.

The simplest way to receive a packet is about putting your code into 
netif_receive_skb().

-- 
	Evgeniy Polyakov

Re: [PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.

[YOSHIFUJI Hideaki / 吉藤英明]

In article <20070327142519.GN521@postel.suug.ch> (at Tue, 27 Mar 2007 16:25:19 +0200), Thomas Graf <tgraf@suug.ch> says:

> * YOSHIFUJI Hideaki / ?$B5HF#1QL@ <yoshfuji@linux-ipv6.org> 2007-03-27 22:45
> > When looking up route for destination with rules with
> > source address restrictions, we may need to find a source
> > address for the traffic if not given.
> 
> Out of curiosity, what sort of rules would have this flag set?
> The majority of lookups don't provide a valid source address.
> This new address search could become very expensive, because
> none of the results are cached.

This flags is used for Mobile IPv6.

Well, for non-connected sockets on hosts, yes,
the process might not be light-weight.
But, on routers, or once the socket is connected,
source address should be always set.

> This chunk won't apply to latest net-2.6.22, I've added two more
> flags yesterday.

Oops,... I'll send rebased version...

--yoshfuji

Re: [PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.

[Noriaki TAKAMIYA]

Hi,

>> Wed, 28 Mar 2007 12:49:40 +0900 (JST)
>> [Subject: Re: [PATCH net-2.6.22] [IPV6] FIB6RULE: Find source address during looking up route.]
>> YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> wrote...

> > Out of curiosity, what sort of rules would have this flag set?
> > The majority of lookups don't provide a valid source address.
> > This new address search could become very expensive, because
> > none of the results are cached.
> 
> This flags is used for Mobile IPv6.
> 
> Well, for non-connected sockets on hosts, yes,
> the process might not be light-weight.
> But, on routers, or once the socket is connected,
> source address should be always set.

  Even if you set the rule which has the condition regarding as the
  source address, this rule is not selected for the first packet
  because the source address is not chosen yet.

  This fix is required to do source address based routing using
  fib6_rules.

#Even if the same routing with subtrees, the same problem is caused.

  Regards,

--
Noriaki TAKAMIYA