aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
Commit message (Expand)AuthorAgeFilesLines
* scripts/metadata.pm: allow group-only Require-User specsMatthias Schiffer2018-02-261-2/+4
* build: cleanup leftover qconf filesAlif M. Ahmad2018-02-131-1/+1
* build: bundle-libraries.sh: patch bundled ld.soJo-Philipp Wich2018-02-021-0/+13
* scripts/qemustart: more portable array operationYousong Zhou2018-01-311-4/+4
* metadata: do not emit broken kconfig dependency statementsJo-Philipp Wich2018-01-141-1/+1
* scripts/feeds: fix install of packages with different source/binary namesMatthias Schiffer2018-01-141-1/+1
* metadata: improve code readability by using (s)printf instead of string inter...Matthias Schiffer2018-01-131-13/+13
* build: remove obsolete "package feature" featureMatthias Schiffer2018-01-132-48/+1
* metadata: scripts/feeds: distinguish between source and binary packages, reso...Matthias Schiffer2018-01-132-70/+112
* metadata: always resolve dependencies through provides listMatthias Schiffer2018-01-133-46/+35
* metadata: simplify generation of build depends from runtime dependsMatthias Schiffer2018-01-131-71/+41
* metadata: handle target build depends together with host build dependsMatthias Schiffer2018-01-131-32/+28
* build: remove package preconfig featureMatthias Schiffer2018-01-132-55/+1
* metadata: remove redundant fields from package hashMatthias Schiffer2018-01-133-8/+9
* metadata: replace %subdir hash with a path field in source packagesMatthias Schiffer2018-01-132-22/+15
* metadata: change pkg->{src} field to hold a referenceMatthias Schiffer2018-01-133-35/+34
* metadata: interate over source packages when generating MakefileMatthias Schiffer2018-01-132-26/+36
* metadata: move 'builddepends' from binary to source packagesMatthias Schiffer2018-01-133-21/+21
* metadata: move 'buildtypes' from binary to source packagesMatthias Schiffer2018-01-132-8/+9
* metadata: make srcpackage extensibleMatthias Schiffer2018-01-133-4/+6
* metadata: remove 'base-files' special caseMatthias Schiffer2018-01-131-1/+1
* om-fwupgradecfg-gen.sh: add support for the A42Sven Eckelmann2018-01-131-4/+18
* combined-ext-image.sh: generate image in temp dirSven Eckelmann2018-01-131-6/+23
* scripts/package-metadata.pl: remove broken detection of self-dependenciesMatthias Schiffer2018-01-041-5/+0
* base-files: allow skipping of hash verificationJo-Philipp Wich2017-12-141-1/+1
* merge: targets: update image generation and targetsZoltan HERPAI2017-12-082-7/+7
* merge: base: update base-files and basic configZoltan HERPAI2017-12-082-2/+2
* scripts/config: add qconf files to .gitignoreAlif M. Ahmad2017-11-021-0/+6
* scripts/config: Add qconf target to MakefileAlif M. Ahmad2017-11-021-0/+56
* scripts/config: add -DKBUILD_NO_NLS to CXXFLAGSFelix Fietkau2017-11-021-0/+1
* scripts/config: import qconfAlif M. Ahmad2017-11-023-0/+2526
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-131-1/+1
* scripts/download.pl: fail loudly if provided hash is unsupportedBaptiste Jonglez2017-09-111-0/+1
* scripts/dowload.pl: use glob to expand target dirZoltan Gyarmati2017-08-301-1/+1
* scripts/package-metadata.pl: inhibit compile deps on missing build typesJo-Philipp Wich2017-07-271-6/+25
* build: bundle-libraries.sh: do not override argv[0] in inner exec callsJo-Philipp Wich2017-07-241-1/+3
* scripts/download.pl: Adjust URLsDaniel Engberg2017-07-211-5/+5
* build: fix invocation of bundled ld.so in SDK and ImagebuilderJo-Philipp Wich2017-07-211-15/+18
* scripts/gen_image_generic.sh: drop NOGRUB variableStijn Tintel2017-07-141-2/+0
* scripts/gen_image_generic.sh: move from x86/imageStijn Tintel2017-07-141-0/+37
* scripts: make all scripts executableStijn Tintel2017-07-142-0/+0
* scripts/openbsd.sh: remove scriptStijn Tintel2017-07-141-24/+0
* scripts/package-metadata.pl: parse and validate field Require-UserYousong Zhou2017-06-182-1/+83
* scripts/download.pl: print the command used to download filesFelix Fietkau2017-05-251-0/+1
* scripts: Probe external toolchains for libthread-dbFlorian Fainelli2017-05-111-0/+1
* scripts: Probe external toolchains for libgompFlorian Fainelli2017-05-111-1/+2
* build: remove absolute path to perl and replace with /usr/bin/env perlBastian Köcher2017-05-024-4/+7
* scripts/qemustart: initial versionYousong Zhou2017-04-231-0/+281
* scripts/download.pl: fix error message on hash mismatchFelix Fietkau2017-04-041-1/+1
* scripts: only generate config from feature flag if fully matchHauke Mehrtens2017-03-201-31/+31
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-07 20:25:08 +0000
static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb); +static int ip6_pkt_policy_failed(struct sk_buff *skb); +static int ip6_pkt_policy_failed_out(struct net *net, struct sock *sk, struct sk_buff *skb); static void ip6_link_failure(struct sk_buff *skb); static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb, u32 mtu, @@ -310,6 +312,18 @@ static const struct rt6_info ip6_prohibi .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), }; +static const struct rt6_info ip6_policy_failed_entry_template = { + .dst = { + .__refcnt = ATOMIC_INIT(1), + .__use = 1, + .obsolete = DST_OBSOLETE_FORCE_CHK, + .error = -EACCES, + .input = ip6_pkt_policy_failed, + .output = ip6_pkt_policy_failed_out, + }, + .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), +}; + static const struct rt6_info ip6_blk_hole_entry_template = { .dst = { .__refcnt = ATOMIC_INIT(1), @@ -1031,6 +1045,7 @@ static const int fib6_prop[RTN_MAX + 1] [RTN_BLACKHOLE] = -EINVAL, [RTN_UNREACHABLE] = -EHOSTUNREACH, [RTN_PROHIBIT] = -EACCES, + [RTN_POLICY_FAILED] = -EACCES, [RTN_THROW] = -EAGAIN, [RTN_NAT] = -EINVAL, [RTN_XRESOLVE] = -EINVAL, @@ -1066,6 +1081,10 @@ static void ip6_rt_init_dst_reject(struc rt->dst.output = ip6_pkt_prohibit_out; rt->dst.input = ip6_pkt_prohibit; break; + case RTN_POLICY_FAILED: + rt->dst.output = ip6_pkt_policy_failed_out; + rt->dst.input = ip6_pkt_policy_failed; + break; case RTN_THROW: case RTN_UNREACHABLE: default: @@ -4449,6 +4468,17 @@ static int ip6_pkt_prohibit_out(struct n return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); } +static int ip6_pkt_policy_failed(struct sk_buff *skb) +{ + return ip6_pkt_drop(skb, ICMPV6_POLICY_FAIL, IPSTATS_MIB_INNOROUTES); +} + +static int ip6_pkt_policy_failed_out(struct net *net, struct sock *sk, struct sk_buff *skb) +{ + skb->dev = skb_dst(skb)->dev; + return ip6_pkt_drop(skb, ICMPV6_POLICY_FAIL, IPSTATS_MIB_OUTNOROUTES); +} + /* * Allocate a dst for local (unicast / anycast) address. */ @@ -4929,7 +4959,8 @@ static int rtm_to_fib6_config(struct sk_ if (rtm->rtm_type == RTN_UNREACHABLE || rtm->rtm_type == RTN_BLACKHOLE || rtm->rtm_type == RTN_PROHIBIT || - rtm->rtm_type == RTN_THROW) + rtm->rtm_type == RTN_THROW || + rtm->rtm_type == RTN_POLICY_FAILED) cfg->fc_flags |= RTF_REJECT; if (rtm->rtm_type == RTN_LOCAL) @@ -6128,6 +6159,8 @@ static int ip6_route_dev_notify(struct n #ifdef CONFIG_IPV6_MULTIPLE_TABLES net->ipv6.ip6_prohibit_entry->dst.dev = dev; net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); + net->ipv6.ip6_policy_failed_entry->dst.dev = dev; + net->ipv6.ip6_policy_failed_entry->rt6i_idev = in6_dev_get(dev); net->ipv6.ip6_blk_hole_entry->dst.dev = dev; net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); #endif @@ -6139,6 +6172,7 @@ static int ip6_route_dev_notify(struct n in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev); #ifdef CONFIG_IPV6_MULTIPLE_TABLES in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev); + in6_dev_put_clear(&net->ipv6.ip6_policy_failed_entry->rt6i_idev); in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev); #endif } @@ -6330,6 +6364,8 @@ static int __net_init ip6_route_net_init #ifdef CONFIG_IPV6_MULTIPLE_TABLES net->ipv6.fib6_has_custom_rules = false; + + net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template, sizeof(*net->ipv6.ip6_prohibit_entry), GFP_KERNEL); @@ -6340,11 +6376,21 @@ static int __net_init ip6_route_net_init ip6_template_metrics, true); INIT_LIST_HEAD(&net->ipv6.ip6_prohibit_entry->rt6i_uncached); + net->ipv6.ip6_policy_failed_entry = + kmemdup(&ip6_policy_failed_entry_template, + sizeof(*net->ipv6.ip6_policy_failed_entry), GFP_KERNEL); + if (!net->ipv6.ip6_policy_failed_entry) + goto out_ip6_prohibit_entry; + net->ipv6.ip6_policy_failed_entry->dst.ops = &net->ipv6.ip6_dst_ops; + dst_init_metrics(&net->ipv6.ip6_policy_failed_entry->dst, + ip6_template_metrics, true); + INIT_LIST_HEAD(&net->ipv6.ip6_policy_failed_entry->rt6i_uncached); + net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template, sizeof(*net->ipv6.ip6_blk_hole_entry), GFP_KERNEL); if (!net->ipv6.ip6_blk_hole_entry) - goto out_ip6_prohibit_entry; + goto out_ip6_policy_failed_entry; net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, ip6_template_metrics, true); @@ -6371,6 +6417,8 @@ out: return ret; #ifdef CONFIG_IPV6_MULTIPLE_TABLES +out_ip6_policy_failed_entry: + kfree(net->ipv6.ip6_policy_failed_entry); out_ip6_prohibit_entry: kfree(net->ipv6.ip6_prohibit_entry); out_ip6_null_entry: @@ -6390,6 +6438,7 @@ static void __net_exit ip6_route_net_exi kfree(net->ipv6.ip6_null_entry); #ifdef CONFIG_IPV6_MULTIPLE_TABLES kfree(net->ipv6.ip6_prohibit_entry); + kfree(net->ipv6.ip6_policy_failed_entry); kfree(net->ipv6.ip6_blk_hole_entry); #endif dst_entries_destroy(&net->ipv6.ip6_dst_ops); @@ -6467,6 +6516,9 @@ void __init ip6_route_init_special_entri init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); + init_net.ipv6.ip6_policy_failed_entry->dst.dev = init_net.loopback_dev; + init_net.ipv6.ip6_policy_failed_entry->rt6i_idev = + in6_dev_get(init_net.loopback_dev); #endif }
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-07 20:25:08 +0000