Forgot this one.
Can we add an argument for nfmark field in ip_route_output()? Needed
so local traffic can be routed in complex ways (mark altered in
NF_IP_LOCAL_OUT).
The other option is less invasive: make route_me_harder call
ip_route_output_slow() directly, and simply add the parameter there.
Trivial patch follows,
Rusty.
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/include/net/route.h
working-2.4.0-test6-uml-cvs/include/net/route.h
--- linux-2.4.0-test6-uml-cvs/include/net/route.h Sat Aug 12 00:49:28 2000
+++ working-2.4.0-test6-uml-cvs/include/net/route.h Sun Aug 13 03:24:50 2000
@@ -99,7 +99,7 @@
u32 src, u8 tos, struct net_device *dev);
extern void ip_rt_advice(struct rtable **rp, int advice);
extern void rt_cache_flush(int how);
-extern int ip_route_output(struct rtable **, u32 dst, u32 src, u32
tos, int oif);
+extern int ip_route_output(struct rtable **, u32 dst, u32 src, u32
tos, int oif, unsigned long nfmark);
extern int ip_route_input(struct sk_buff*, u32 dst, u32 src, u8
tos, struct net_device *devin);
extern unsigned short ip_rt_frag_needed(struct iphdr *iph, unsigned short
new_mtu);
extern void ip_rt_update_pmtu(struct dst_entry *dst, unsigned mtu);
@@ -135,14 +135,14 @@
extern __inline__ int ip_route_connect(struct rtable **rp, u32 dst, u32 src,
u32 tos, int oif)
{
int err;
- err = ip_route_output(rp, dst, src, tos, oif);
+ err = ip_route_output(rp, dst, src, tos, oif, 0);
if (err || (dst && src))
return err;
dst = (*rp)->rt_dst;
src = (*rp)->rt_src;
ip_rt_put(*rp);
*rp = NULL;
- return ip_route_output(rp, dst, src, tos, oif);
+ return ip_route_output(rp, dst, src, tos, oif, 0);
}
extern void rt_bind_peer(struct rtable *rt, int create);
Only in working-2.4.0-test6-uml-cvs/: linux
diff -ur -X /tmp/filej6zXhl --minimal linux-2.4.0-test6-uml-cvs/net/atm/clip.c
working-2.4.0-test6-uml-cvs/net/atm/clip.c
--- linux-2.4.0-test6-uml-cvs/net/atm/clip.c Wed Jul 12 17:52:22 2000
+++ working-2.4.0-test6-uml-cvs/net/atm/clip.c Sun Aug 13 03:31:50 2000
@@ -525,7 +525,7 @@
unlink_clip_vcc(clip_vcc);
return 0;
}
- error = ip_route_output(&rt,ip,0,1,0);
+ error = ip_route_output(&rt,ip,0,1,0,0);
if (error) return error;
neigh = __neigh_lookup(&clip_tbl,&ip,rt->u.dst.dev,1);
ip_rt_put(rt);
diff -ur -X /tmp/filej6zXhl --minimal linux-2.4.0-test6-uml-cvs/net/ipv4/arp.c
working-2.4.0-test6-uml-cvs/net/ipv4/arp.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/arp.c Sat Aug 12 00:23:39 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/arp.c Sun Aug 13 03:25:02 2000
@@ -838,7 +838,7 @@
r->arp_flags |= ATF_COM;
if (dev == NULL) {
struct rtable * rt;
- if ((err = ip_route_output(&rt, ip, 0, RTO_ONLINK, 0)) != 0)
+ if ((err = ip_route_output(&rt, ip, 0, RTO_ONLINK, 0, 0)) != 0)
return err;
dev = rt->u.dst.dev;
ip_rt_put(rt);
@@ -921,7 +921,7 @@
if (dev == NULL) {
struct rtable * rt;
- if ((err = ip_route_output(&rt, ip, 0, RTO_ONLINK, 0)) != 0)
+ if ((err = ip_route_output(&rt, ip, 0, RTO_ONLINK, 0, 0)) != 0)
return err;
dev = rt->u.dst.dev;
ip_rt_put(rt);
diff -ur -X /tmp/filej6zXhl --minimal linux-2.4.0-test6-uml-cvs/net/ipv4/icmp.c
working-2.4.0-test6-uml-cvs/net/ipv4/icmp.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/icmp.c Sat Aug 12 00:23:39 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/icmp.c Sun Aug 13 03:25:15 2000
@@ -519,7 +519,7 @@
if (ipc.opt->srr)
daddr = icmp_param->replyopts.faddr;
}
- if (ip_route_output(&rt, daddr, rt->rt_spec_dst,
RT_TOS(skb->nh.iph->tos), 0))
+ if (ip_route_output(&rt, daddr, rt->rt_spec_dst,
RT_TOS(skb->nh.iph->tos), 0, 0))
goto out;
if (icmpv4_xrlim_allow(rt, icmp_param->icmph.type,
icmp_param->icmph.code)) {
@@ -631,7 +631,7 @@
* fast routing cache at first. Otherwise an attacker can
* grow the routing table.
*/
- if (ip_route_output(&rt, iph->saddr, saddr, RT_TOS(tos), 0))
+ if (ip_route_output(&rt, iph->saddr, saddr, RT_TOS(tos), 0, 0))
goto out;
if (ip_options_echo(&icmp_param.replyopts, skb_in))
@@ -654,7 +654,7 @@
ipc.opt = &icmp_param.replyopts;
if (icmp_param.replyopts.srr) {
ip_rt_put(rt);
- if (ip_route_output(&rt, icmp_param.replyopts.faddr, saddr,
RT_TOS(tos), 0))
+ if (ip_route_output(&rt, icmp_param.replyopts.faddr, saddr,
RT_TOS(tos), 0, 0))
goto out;
}
diff -ur -X /tmp/filej6zXhl --minimal linux-2.4.0-test6-uml-cvs/net/ipv4/igmp.c
working-2.4.0-test6-uml-cvs/net/ipv4/igmp.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/igmp.c Sat Aug 12 00:23:39 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/igmp.c Sun Aug 13 03:28:28 2000
@@ -204,7 +204,7 @@
if (type == IGMP_HOST_LEAVE_MESSAGE)
dst = IGMP_ALL_ROUTER;
- if (ip_route_output(&rt, dst, 0, 0, dev->ifindex))
+ if (ip_route_output(&rt, dst, 0, 0, dev->ifindex, 0))
return -1;
if (rt->rt_src == 0) {
ip_rt_put(rt);
@@ -610,7 +610,7 @@
__dev_put(dev);
}
- if (!dev && !ip_route_output(&rt, imr->imr_multiaddr.s_addr, 0, 0, 0)) {
+ if (!dev && !ip_route_output(&rt, imr->imr_multiaddr.s_addr, 0, 0, 0,
0)) {
dev = rt->u.dst.dev;
ip_rt_put(rt);
}
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/ip_gre.c
working-2.4.0-test6-uml-cvs/net/ipv4/ip_gre.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/ip_gre.c Sat Aug 12 00:23:39 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/ip_gre.c Sun Aug 13 03:29:08 2000
@@ -485,7 +485,7 @@
skb2->nh.raw = skb2->data;
/* Try to guess incoming interface */
- if (ip_route_output(&rt, eiph->saddr, 0, RT_TOS(eiph->tos), 0)) {
+ if (ip_route_output(&rt, eiph->saddr, 0, RT_TOS(eiph->tos), 0, 0)) {
kfree_skb(skb2);
return;
}
@@ -495,7 +495,7 @@
if (rt->rt_flags&RTCF_LOCAL) {
ip_rt_put(rt);
rt = NULL;
- if (ip_route_output(&rt, eiph->daddr, eiph->saddr, eiph->tos,
0) ||
+ if (ip_route_output(&rt, eiph->daddr, eiph->saddr, eiph->tos,
0, 0) ||
rt->u.dst.dev->type != ARPHRD_IPGRE) {
ip_rt_put(rt);
kfree_skb(skb2);
@@ -729,7 +729,7 @@
tos &= ~1;
}
- if (ip_route_output(&rt, dst, tiph->saddr, RT_TOS(tos),
tunnel->parms.link)) {
+ if (ip_route_output(&rt, dst, tiph->saddr, RT_TOS(tos),
tunnel->parms.link, 0)) {
tunnel->stat.tx_carrier_errors++;
goto tx_error;
}
@@ -1080,7 +1080,7 @@
struct rtable *rt;
if (ip_route_output(&rt, t->parms.iph.daddr,
t->parms.iph.saddr,
RT_TOS(t->parms.iph.tos),
- t->parms.link)) {
+ t->parms.link, 0)) {
MOD_DEC_USE_COUNT;
return -EADDRNOTAVAIL;
}
@@ -1153,7 +1153,7 @@
if (iph->daddr) {
struct rtable *rt;
- if (!ip_route_output(&rt, iph->daddr, iph->saddr,
RT_TOS(iph->tos), tunnel->parms.link)) {
+ if (!ip_route_output(&rt, iph->daddr, iph->saddr,
RT_TOS(iph->tos), tunnel->parms.link, 0)) {
tdev = rt->u.dst.dev;
ip_rt_put(rt);
}
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/ip_output.c
working-2.4.0-test6-uml-cvs/net/ipv4/ip_output.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/ip_output.c Wed Apr 12 17:43:07 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/ip_output.c Sun Aug 13 03:29:42 2000
@@ -118,7 +118,8 @@
if (ip_route_output(&rt, iph->daddr, iph->saddr,
RT_TOS(iph->tos) | RTO_CONN,
- skb->sk ? skb->sk->bound_dev_if : 0)) {
+ skb->sk ? skb->sk->bound_dev_if : 0,
+ skb->nfmark)) {
printk("route_me_harder: No more route.\n");
return -EINVAL;
}
@@ -404,7 +405,7 @@
*/
if (ip_route_output(&rt, daddr, sk->saddr,
RT_TOS(sk->protinfo.af_inet.tos) | RTO_CONN
| sk->localroute,
- sk->bound_dev_if))
+ sk->bound_dev_if, 0))
goto no_route;
__sk_dst_set(sk, &rt->u.dst);
}
@@ -987,7 +988,7 @@
daddr = replyopts.opt.faddr;
}
- if (ip_route_output(&rt, daddr, rt->rt_spec_dst,
RT_TOS(skb->nh.iph->tos), 0))
+ if (ip_route_output(&rt, daddr, rt->rt_spec_dst,
RT_TOS(skb->nh.iph->tos), 0, 0))
return;
/* And let IP do all the hard work.
diff -ur -X /tmp/filej6zXhl --minimal linux-2.4.0-test6-uml-cvs/net/ipv4/ipip.c
working-2.4.0-test6-uml-cvs/net/ipv4/ipip.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/ipip.c Sat Aug 12 00:23:39 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/ipip.c Sun Aug 13 03:28:49 2000
@@ -419,7 +419,7 @@
skb2->nh.raw = skb2->data;
/* Try to guess incoming interface */
- if (ip_route_output(&rt, eiph->saddr, 0, RT_TOS(eiph->tos), 0)) {
+ if (ip_route_output(&rt, eiph->saddr, 0, RT_TOS(eiph->tos), 0, 0)) {
kfree_skb(skb2);
return;
}
@@ -429,7 +429,7 @@
if (rt->rt_flags&RTCF_LOCAL) {
ip_rt_put(rt);
rt = NULL;
- if (ip_route_output(&rt, eiph->daddr, eiph->saddr, eiph->tos,
0) ||
+ if (ip_route_output(&rt, eiph->daddr, eiph->saddr, eiph->tos,
0, 0) ||
rt->u.dst.dev->type != ARPHRD_IPGRE) {
ip_rt_put(rt);
kfree_skb(skb2);
@@ -556,7 +556,7 @@
goto tx_error_icmp;
}
- if (ip_route_output(&rt, dst, tiph->saddr, RT_TOS(tos),
tunnel->parms.link)) {
+ if (ip_route_output(&rt, dst, tiph->saddr, RT_TOS(tos),
tunnel->parms.link, 0)) {
tunnel->stat.tx_carrier_errors++;
goto tx_error_icmp;
}
@@ -813,7 +813,7 @@
if (iph->daddr) {
struct rtable *rt;
- if (!ip_route_output(&rt, iph->daddr, iph->saddr,
RT_TOS(iph->tos), tunnel->parms.link)) {
+ if (!ip_route_output(&rt, iph->daddr, iph->saddr,
RT_TOS(iph->tos), tunnel->parms.link, 0)) {
tdev = rt->u.dst.dev;
ip_rt_put(rt);
}
diff -ur -X /tmp/filej6zXhl --minimal linux-2.4.0-test6-uml-cvs/net/ipv4/ipmr.c
working-2.4.0-test6-uml-cvs/net/ipv4/ipmr.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/ipmr.c Sat Aug 12 00:23:39 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/ipmr.c Sun Aug 13 03:29:23 2000
@@ -1142,11 +1142,11 @@
#endif
if (vif->flags&VIFF_TUNNEL) {
- if (ip_route_output(&rt, vif->remote, vif->local,
RT_TOS(iph->tos), vif->link))
+ if (ip_route_output(&rt, vif->remote, vif->local,
RT_TOS(iph->tos), vif->link, 0))
return;
encap = sizeof(struct iphdr);
} else {
- if (ip_route_output(&rt, iph->daddr, 0, RT_TOS(iph->tos),
vif->link))
+ if (ip_route_output(&rt, iph->daddr, 0, RT_TOS(iph->tos),
vif->link, 0))
return;
}
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ip_fw_compat_masq.c
working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ip_fw_compat_masq.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ip_fw_compat_masq.c Fri Jul
28 21:36:46 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ip_fw_compat_masq.c Sun Aug
13 03:30:35 2000
@@ -72,7 +72,8 @@
/* Pass 0 instead of saddr, since it's going to be changed
anyway. */
- if (ip_route_output(&rt, iph->daddr, 0, 0, 0) != 0) {
+ if (ip_route_output(&rt, iph->daddr, 0, 0, 0, (*pskb)->nfmark)
+ != 0) {
DEBUGP("ipnat_rule_masquerade: Can't reroute.\n");
return NF_DROP;
}
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ip_nat_core.c
working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ip_nat_core.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ip_nat_core.c Sat Aug 12
00:23:40 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ip_nat_core.c Sun Aug
13 03:30:41 2000
@@ -204,7 +204,7 @@
struct rtable *rt;
/* FIXME: IPTOS_TOS(iph->tos) --RR */
- if (ip_route_output(&rt, var_ip, 0, 0, 0) != 0) {
+ if (ip_route_output(&rt, var_ip, 0, 0, 0, 0) != 0) {
DEBUGP("do_extra_mangle: Can't get route to %u.%u.%u.%u\n",
IP_PARTS(var_ip));
return 0;
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_MASQUERADE.c
working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_MASQUERADE.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_MASQUERADE.c Wed Jul
12 17:52:23 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_MASQUERADE.c Sun Aug
13 03:31:04 2000
@@ -85,7 +85,7 @@
if (ip_route_output(&rt, (*pskb)->nh.iph->daddr,
0,
RT_TOS((*pskb)->nh.iph->tos)|RTO_CONN,
- out->ifindex) != 0) {
+ out->ifindex, (*pskb)->nfmark) != 0) {
/* Shouldn't happen */
printk("MASQUERADE: No route: Rusty's brain broke!\n");
return NF_DROP;
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_MIRROR.c
working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_MIRROR.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_MIRROR.c Wed Jul 12
17:52:23 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_MIRROR.c Sun Aug 13
03:31:13 2000
@@ -44,7 +44,7 @@
/* Backwards */
if (ip_route_output(&rt, iph->saddr, iph->daddr,
RT_TOS(iph->tos) | RTO_CONN,
- 0)) {
+ 0, 0)) {
return 0;
}
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_REJECT.c
working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_REJECT.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_REJECT.c Fri Jul 28
21:36:46 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/netfilter/ipt_REJECT.c Sun Aug 13
03:31:19 2000
@@ -113,7 +113,7 @@
/* Routing */
if (ip_route_output(&rt, nskb->nh.iph->daddr, nskb->nh.iph->saddr,
RT_TOS(nskb->nh.iph->tos) | RTO_CONN,
- 0) != 0)
+ 0, 0) != 0)
goto free_nskb;
dst_release(nskb->dst);
diff -ur -X /tmp/filej6zXhl --minimal linux-2.4.0-test6-uml-cvs/net/ipv4/raw.c
working-2.4.0-test6-uml-cvs/net/ipv4/raw.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/raw.c Wed Jul 12 17:52:23 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/raw.c Sun Aug 13 03:29:15 2000
@@ -400,7 +400,7 @@
rfh.saddr = sk->protinfo.af_inet.mc_addr;
}
- err = ip_route_output(&rt, daddr, rfh.saddr, tos, ipc.oif);
+ err = ip_route_output(&rt, daddr, rfh.saddr, tos, ipc.oif, 0);
if (err)
goto done;
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/syncookies.c
working-2.4.0-test6-uml-cvs/net/ipv4/syncookies.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/syncookies.c Sat Aug 12 00:23:40 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/syncookies.c Sun Aug 13 03:30:00 2000
@@ -181,7 +181,7 @@
opt->srr ? opt->faddr : req->af.v4_req.rmt_addr,
req->af.v4_req.loc_addr,
sk->protinfo.af_inet.tos | RTO_CONN,
- 0)) {
+ 0, 0)) {
tcp_openreq_free(req);
return NULL;
}
diff -ur -X /tmp/filej6zXhl --minimal
linux-2.4.0-test6-uml-cvs/net/ipv4/tcp_ipv4.c
working-2.4.0-test6-uml-cvs/net/ipv4/tcp_ipv4.c
--- linux-2.4.0-test6-uml-cvs/net/ipv4/tcp_ipv4.c Sat Aug 12 00:23:40 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv4/tcp_ipv4.c Sun Aug 13 03:29:54 2000
@@ -1175,10 +1175,10 @@
opt = req->af.v4_req.opt;
if(ip_route_output(&rt, ((opt && opt->srr) ?
opt->faddr :
- req->af.v4_req.rmt_addr),
+ req->af.v4_req.rmt_addr,),
req->af.v4_req.loc_addr,
RT_TOS(sk->protinfo.af_inet.tos) | RTO_CONN |
sk->localroute,
- sk->bound_dev_if)) {
+ sk->bound_dev_if, 0)) {
IP_INC_STATS_BH(IpOutNoRoutes);
return NULL;
}
@@ -1746,7 +1746,7 @@
err = ip_route_output(&rt, daddr, sk->saddr,
RT_TOS(sk->protinfo.af_inet.tos) |
RTO_CONN | sk->localroute,
- sk->bound_dev_if);
+ sk->bound_dev_if, 0);
if (err) {
sk->err_soft=-err;
sk->error_report(sk);
diff -ur -X /tmp/filej6zXhl --minimal linux-2.4.0-test6-uml-cvs/net/ipv6/sit.c
working-2.4.0-test6-uml-cvs/net/ipv6/sit.c
--- linux-2.4.0-test6-uml-cvs/net/ipv6/sit.c Sat Aug 12 00:23:40 2000
+++ working-2.4.0-test6-uml-cvs/net/ipv6/sit.c Sun Aug 13 03:31:46 2000
@@ -474,7 +474,7 @@
dst = addr6->s6_addr32[3];
}
- if (ip_route_output(&rt, dst, tiph->saddr, RT_TOS(tos),
tunnel->parms.link)) {
+ if (ip_route_output(&rt, dst, tiph->saddr, RT_TOS(tos),
tunnel->parms.link, 0)) {
tunnel->stat.tx_carrier_errors++;
goto tx_error_icmp;
}
@@ -740,7 +740,7 @@
if (iph->daddr) {
struct rtable *rt;
- if (!ip_route_output(&rt, iph->daddr, iph->saddr,
RT_TOS(iph->tos), tunnel->parms.link)) {
+ if (!ip_route_output(&rt, iph->daddr, iph->saddr,
RT_TOS(iph->tos), tunnel->parms.link, 0)) {
tdev = rt->u.dst.dev;
ip_rt_put(rt);
}
--
Hacking time.
|