1 files changed, 39 insertions, 47 deletions

diff --git a/target/linux/generic/pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch b/target/linux/generic/pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
index 1397580382..a022c2c556 100644
--- a/target/linux/generic/pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
+++ b/target/linux/generic/pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
@@ -20,9 +20,9 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
 
 --- a/include/net/netns/ipv6.h
 +++ b/include/net/netns/ipv6.h
-@@ -69,6 +69,7 @@ struct netns_ipv6 {
- #ifdef CONFIG_IPV6_MULTIPLE_TABLES
- 	bool			 fib6_has_custom_rules;
+@@ -78,6 +78,7 @@ struct netns_ipv6 {
+ 	unsigned int		fib6_rules_require_fldissect;
+ 	bool			fib6_has_custom_rules;
  	struct rt6_info         *ip6_prohibit_entry;
 +	struct rt6_info		*ip6_policy_failed_entry;
  	struct rt6_info         *ip6_blk_hole_entry;
@@ -30,7 +30,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  	struct fib_rules_ops    *fib6_rules_ops;
 --- a/include/uapi/linux/fib_rules.h
 +++ b/include/uapi/linux/fib_rules.h
-@@ -73,6 +73,10 @@ enum {
+@@ -82,6 +82,10 @@ enum {
  	FR_ACT_BLACKHOLE,	/* Drop without notification */
  	FR_ACT_UNREACHABLE,	/* Drop with ENETUNREACH */
  	FR_ACT_PROHIBIT,	/* Drop with EACCES */
@@ -43,7 +43,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  
 --- a/include/uapi/linux/rtnetlink.h
 +++ b/include/uapi/linux/rtnetlink.h
-@@ -221,6 +221,7 @@ enum {
+@@ -228,6 +228,7 @@ enum {
  	RTN_THROW,		/* Not in this table		*/
  	RTN_NAT,		/* Translate this address	*/
  	RTN_XRESOLVE,		/* Use external resolver	*/
@@ -66,7 +66,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  static void rt_fibinfo_free(struct rtable __rcu **rtp)
 --- a/net/ipv4/fib_trie.c
 +++ b/net/ipv4/fib_trie.c
-@@ -2460,6 +2460,7 @@ static const char *const rtn_type_names[
+@@ -2465,6 +2465,7 @@ static const char *const rtn_type_names[
  	[RTN_THROW] = "THROW",
  	[RTN_NAT] = "NAT",
  	[RTN_XRESOLVE] = "XRESOLVE",
@@ -76,7 +76,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  static inline const char *rtn_type(char *buf, size_t len, unsigned int t)
 --- a/net/ipv4/ipmr.c
 +++ b/net/ipv4/ipmr.c
-@@ -161,6 +161,7 @@ static int ipmr_rule_action(struct fib_r
+@@ -177,6 +177,7 @@ static int ipmr_rule_action(struct fib_r
  	case FR_ACT_UNREACHABLE:
  		return -ENETUNREACH;
  	case FR_ACT_PROHIBIT:
@@ -86,7 +86,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  	default:
 --- a/net/ipv6/fib6_rules.c
 +++ b/net/ipv6/fib6_rules.c
-@@ -121,6 +121,10 @@ static int fib6_rule_action(struct fib_r
+@@ -221,6 +221,10 @@ static int __fib6_rule_action(struct fib
  		err = -EACCES;
  		rt = net->ipv6.ip6_prohibit_entry;
  		goto discard_pkt;
@@ -99,7 +99,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  	tb_id = fib_rule_get_table(rule, arg);
 --- a/net/ipv6/ip6mr.c
 +++ b/net/ipv6/ip6mr.c
-@@ -168,6 +168,8 @@ static int ip6mr_rule_action(struct fib_
+@@ -159,6 +159,8 @@ static int ip6mr_rule_action(struct fib_
  		return -ENETUNREACH;
  	case FR_ACT_PROHIBIT:
  		return -EACCES;
@@ -110,7 +110,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  		return -EINVAL;
 --- a/net/ipv6/route.c
 +++ b/net/ipv6/route.c
-@@ -91,6 +91,8 @@ static int		ip6_pkt_discard(struct sk_bu
+@@ -97,6 +97,8 @@ static int		ip6_pkt_discard(struct sk_bu
  static int		ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb);
  static int		ip6_pkt_prohibit(struct sk_buff *skb);
  static int		ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb);
@@ -119,8 +119,8 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  static void		ip6_link_failure(struct sk_buff *skb);
  static void		ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
  					   struct sk_buff *skb, u32 mtu);
-@@ -321,6 +323,21 @@ static const struct rt6_info ip6_prohibi
- 	.rt6i_ref	= ATOMIC_INIT(1),
+@@ -324,6 +326,18 @@ static const struct rt6_info ip6_prohibi
+ 	.rt6i_flags	= (RTF_REJECT | RTF_NONEXTHOP),
  };
  
 +static const struct rt6_info ip6_policy_failed_entry_template = {
@@ -133,27 +133,31 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
 +		.output		= ip6_pkt_policy_failed_out,
 +	},
 +	.rt6i_flags	= (RTF_REJECT | RTF_NONEXTHOP),
-+	.rt6i_protocol	= RTPROT_KERNEL,
-+	.rt6i_metric	= ~(u32) 0,
-+	.rt6i_ref	= ATOMIC_INIT(1),
 +};
 +
  static const struct rt6_info ip6_blk_hole_entry_template = {
  	.dst = {
  		.__refcnt	= ATOMIC_INIT(1),
-@@ -2046,6 +2063,11 @@ static struct rt6_info *ip6_route_info_c
- 			rt->dst.output = ip6_pkt_prohibit_out;
- 			rt->dst.input = ip6_pkt_prohibit;
- 			break;
-+		case RTN_POLICY_FAILED:
-+			rt->dst.error = -EACCES;
-+			rt->dst.output = ip6_pkt_policy_failed_out;
-+			rt->dst.input = ip6_pkt_policy_failed;
-+			break;
- 		case RTN_THROW:
- 		case RTN_UNREACHABLE:
- 		default:
-@@ -2771,6 +2793,17 @@ static int ip6_pkt_prohibit_out(struct n
+@@ -901,6 +915,7 @@ static const int fib6_prop[RTN_MAX + 1]
+ 	[RTN_BLACKHOLE]	= -EINVAL,
+ 	[RTN_UNREACHABLE] = -EHOSTUNREACH,
+ 	[RTN_PROHIBIT]	= -EACCES,
++	[RTN_POLICY_FAILED] = -EACCES,
+ 	[RTN_THROW]	= -EAGAIN,
+ 	[RTN_NAT]	= -EINVAL,
+ 	[RTN_XRESOLVE]	= -EINVAL,
+@@ -938,6 +953,10 @@ static void ip6_rt_init_dst_reject(struc
+ 		rt->dst.output = ip6_pkt_prohibit_out;
+ 		rt->dst.input = ip6_pkt_prohibit;
+ 		break;
++	case RTN_POLICY_FAILED:
++		rt->dst.output = ip6_pkt_policy_failed_out;
++		rt->dst.input = ip6_pkt_policy_failed;
++		break;
+ 	case RTN_THROW:
+ 	case RTN_UNREACHABLE:
+ 	default:
+@@ -3745,6 +3764,17 @@ static int ip6_pkt_prohibit_out(struct n
  	return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES);
  }
  
@@ -171,7 +175,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  /*
   *	Allocate a dst for local (unicast / anycast) address.
   */
-@@ -3007,7 +3040,8 @@ static int rtm_to_fib6_config(struct sk_
+@@ -4192,7 +4222,8 @@ static int rtm_to_fib6_config(struct sk_
  	if (rtm->rtm_type == RTN_UNREACHABLE ||
  	    rtm->rtm_type == RTN_BLACKHOLE ||
  	    rtm->rtm_type == RTN_PROHIBIT ||
@@ -181,17 +185,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  		cfg->fc_flags |= RTF_REJECT;
  
  	if (rtm->rtm_type == RTN_LOCAL)
-@@ -3502,6 +3536,9 @@ static int rt6_fill_node(struct net *net
- 		case -EACCES:
- 			rtm->rtm_type = RTN_PROHIBIT;
- 			break;
-+		case -EPERM:
-+			rtm->rtm_type = RTN_POLICY_FAILED;
-+			break;
- 		case -EAGAIN:
- 			rtm->rtm_type = RTN_THROW;
- 			break;
-@@ -3820,6 +3857,8 @@ static int ip6_route_dev_notify(struct n
+@@ -5031,6 +5062,8 @@ static int ip6_route_dev_notify(struct n
  #ifdef CONFIG_IPV6_MULTIPLE_TABLES
  		net->ipv6.ip6_prohibit_entry->dst.dev = dev;
  		net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
@@ -200,7 +194,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  		net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
  		net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
  #endif
-@@ -3831,6 +3870,7 @@ static int ip6_route_dev_notify(struct n
+@@ -5042,6 +5075,7 @@ static int ip6_route_dev_notify(struct n
  		in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev);
  #ifdef CONFIG_IPV6_MULTIPLE_TABLES
  		in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev);
@@ -208,7 +202,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  		in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev);
  #endif
  	}
-@@ -4047,6 +4087,17 @@ static int __net_init ip6_route_net_init
+@@ -5236,6 +5270,15 @@ static int __net_init ip6_route_net_init
  	net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
  	dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
  			 ip6_template_metrics, true);
@@ -218,15 +212,13 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
 +			sizeof(*net->ipv6.ip6_policy_failed_entry), GFP_KERNEL);
 +	if (!net->ipv6.ip6_policy_failed_entry)
 +		goto out_ip6_blk_hole_entry;
-+	net->ipv6.ip6_policy_failed_entry->dst.path =
-+		(struct dst_entry *)net->ipv6.ip6_policy_failed_entry;
 +	net->ipv6.ip6_policy_failed_entry->dst.ops = &net->ipv6.ip6_dst_ops;
 +	dst_init_metrics(&net->ipv6.ip6_policy_failed_entry->dst,
 +			 ip6_template_metrics, true);
  #endif
  
  	net->ipv6.sysctl.flush_delay = 0;
-@@ -4065,6 +4116,8 @@ out:
+@@ -5254,6 +5297,8 @@ out:
  	return ret;
  
  #ifdef CONFIG_IPV6_MULTIPLE_TABLES
@@ -235,7 +227,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  out_ip6_prohibit_entry:
  	kfree(net->ipv6.ip6_prohibit_entry);
  out_ip6_null_entry:
-@@ -4082,6 +4135,7 @@ static void __net_exit ip6_route_net_exi
+@@ -5274,6 +5319,7 @@ static void __net_exit ip6_route_net_exi
  #ifdef CONFIG_IPV6_MULTIPLE_TABLES
  	kfree(net->ipv6.ip6_prohibit_entry);
  	kfree(net->ipv6.ip6_blk_hole_entry);
@@ -243,7 +235,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  #endif
  	dst_entries_destroy(&net->ipv6.ip6_dst_ops);
  }
-@@ -4155,6 +4209,9 @@ void __init ip6_route_init_special_entri
+@@ -5350,6 +5396,9 @@ void __init ip6_route_init_special_entri
  	init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
  	init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
  	init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);