summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>2006-08-21 19:22:01 +0900
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 15:18:00 -0700
commit75bff8f023e02b045a8f68f36fa7da98dca124b8 (patch)
treee476cdbadcb6386d1f2dcbc6d637800261984375 /net
parent2cc67cc731d9b693a08e781e98fec0e3a6d6ba44 (diff)
downloadkernel-crypto-75bff8f023e02b045a8f68f36fa7da98dca124b8.tar.gz
kernel-crypto-75bff8f023e02b045a8f68f36fa7da98dca124b8.tar.xz
kernel-crypto-75bff8f023e02b045a8f68f36fa7da98dca124b8.zip
[IPV6] ROUTE: Routing by FWMARK.
Based on patch by Jean Lorchat <lorchat@sfc.wide.ad.jp>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'net')
-rw-r--r--net/ipv6/Kconfig7
-rw-r--r--net/ipv6/fib6_rules.c23
-rw-r--r--net/ipv6/route.c1
3 files changed, 31 insertions, 0 deletions
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 21e0cc808f4..a2d211da2ab 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -173,3 +173,10 @@ config IPV6_MULTIPLE_TABLES
---help---
Support multiple routing tables.
+config IPV6_ROUTE_FWMARK
+ bool "IPv6: use netfilter MARK value as routing key"
+ depends on IPV6_MULTIPLE_TABLES && NETFILTER
+ ---help---
+ If you say Y here, you will be able to specify different routes for
+ packets with different mark values (see iptables(8), MARK target).
+
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index 91f6233d8ef..aebd9e2b85a 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -26,6 +26,9 @@ struct fib6_rule
struct fib_rule common;
struct rt6key src;
struct rt6key dst;
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ u8 fwmark;
+#endif
u8 tclass;
};
@@ -124,6 +127,11 @@ static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
if (r->tclass && r->tclass != ((ntohl(fl->fl6_flowlabel) >> 20) & 0xff))
return 0;
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ if (r->fwmark && (r->fwmark != fl->fl6_fwmark))
+ return 0;
+#endif
+
return 1;
}
@@ -164,6 +172,11 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
nla_memcpy(&rule6->dst.addr, tb[FRA_DST],
sizeof(struct in6_addr));
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ if (tb[FRA_FWMARK])
+ rule6->fwmark = nla_get_u32(tb[FRA_FWMARK]);
+#endif
+
rule6->src.plen = frh->src_len;
rule6->dst.plen = frh->dst_len;
rule6->tclass = frh->tos;
@@ -195,6 +208,11 @@ static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
nla_memcmp(tb[FRA_DST], &rule6->dst.addr, sizeof(struct in6_addr)))
return 0;
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ if (tb[FRA_FWMARK] && (rule6->fwmark != nla_get_u32(tb[FRA_FWMARK])))
+ return 0;
+#endif
+
return 1;
}
@@ -216,6 +234,11 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
NLA_PUT(skb, FRA_SRC, sizeof(struct in6_addr),
&rule6->src.addr);
+#ifdef CONFIG_IPV6_ROUTE_FWMARK
+ if (rule6->fwmark)
+ NLA_PUT_U32(skb, FRA_FWMARK, rule6->fwmark);
+#endif
+
return 0;
nla_put_failure:
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 20691285aee..649350bd929 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -703,6 +703,7 @@ void ip6_route_input(struct sk_buff *skb)
.ip6_u = {
.daddr = iph->daddr,
.saddr = iph->saddr,
+ .fwmark = skb->nfmark,
.flowlabel = (* (u32 *) iph)&IPV6_FLOWINFO_MASK,
},
},