diff options
Diffstat (limited to 'target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch')
-rw-r--r-- | target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch | 80 |
1 files changed, 48 insertions, 32 deletions
diff --git a/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch b/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch index c35aca8a18..022537da70 100644 --- a/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch +++ b/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch @@ -20,7 +20,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h -@@ -78,6 +78,7 @@ struct netns_ipv6 { +@@ -84,6 +84,7 @@ struct netns_ipv6 { unsigned int fib6_rules_require_fldissect; bool fib6_has_custom_rules; struct rt6_info *ip6_prohibit_entry; @@ -43,7 +43,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> --- a/include/uapi/linux/rtnetlink.h +++ b/include/uapi/linux/rtnetlink.h -@@ -228,6 +228,7 @@ enum { +@@ -235,6 +235,7 @@ enum { RTN_THROW, /* Not in this table */ RTN_NAT, /* Translate this address */ RTN_XRESOLVE, /* Use external resolver */ @@ -53,7 +53,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c -@@ -139,6 +139,10 @@ const struct fib_prop fib_props[RTN_MAX +@@ -141,6 +141,10 @@ const struct fib_prop fib_props[RTN_MAX .error = -EINVAL, .scope = RT_SCOPE_NOWHERE, }, @@ -66,7 +66,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> static void rt_fibinfo_free(struct rtable __rcu **rtp) --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c -@@ -2474,6 +2474,7 @@ static const char *const rtn_type_names[ +@@ -2592,6 +2592,7 @@ static const char *const rtn_type_names[ [RTN_THROW] = "THROW", [RTN_NAT] = "NAT", [RTN_XRESOLVE] = "XRESOLVE", @@ -76,7 +76,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> static inline const char *rtn_type(char *buf, size_t len, unsigned int t) --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c -@@ -179,6 +179,7 @@ static int ipmr_rule_action(struct fib_r +@@ -173,6 +173,7 @@ static int ipmr_rule_action(struct fib_r case FR_ACT_UNREACHABLE: return -ENETUNREACH; case FR_ACT_PROHIBIT: @@ -86,7 +86,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> default: --- a/net/ipv6/fib6_rules.c +++ b/net/ipv6/fib6_rules.c -@@ -221,6 +221,10 @@ static int __fib6_rule_action(struct fib +@@ -216,6 +216,10 @@ static int __fib6_rule_action(struct fib err = -EACCES; rt = net->ipv6.ip6_prohibit_entry; goto discard_pkt; @@ -99,7 +99,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> tb_id = fib_rule_get_table(rule, arg); --- a/net/ipv6/ip6mr.c +++ b/net/ipv6/ip6mr.c -@@ -162,6 +162,8 @@ static int ip6mr_rule_action(struct fib_ +@@ -161,6 +161,8 @@ static int ip6mr_rule_action(struct fib_ return -ENETUNREACH; case FR_ACT_PROHIBIT: return -EACCES; @@ -110,7 +110,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> return -EINVAL; --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -97,6 +97,8 @@ static int ip6_pkt_discard(struct sk_bu +@@ -93,6 +93,8 @@ static int ip6_pkt_discard(struct sk_bu static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb); static int ip6_pkt_prohibit(struct sk_buff *skb); static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb); @@ -119,7 +119,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> static void ip6_link_failure(struct sk_buff *skb); static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb, u32 mtu, -@@ -328,6 +330,18 @@ static const struct rt6_info ip6_prohibi +@@ -326,6 +328,18 @@ static const struct rt6_info ip6_prohibi .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), }; @@ -138,7 +138,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> static const struct rt6_info ip6_blk_hole_entry_template = { .dst = { .__refcnt = ATOMIC_INIT(1), -@@ -906,6 +920,7 @@ static const int fib6_prop[RTN_MAX + 1] +@@ -1044,6 +1058,7 @@ static const int fib6_prop[RTN_MAX + 1] [RTN_BLACKHOLE] = -EINVAL, [RTN_UNREACHABLE] = -EHOSTUNREACH, [RTN_PROHIBIT] = -EACCES, @@ -146,7 +146,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> [RTN_THROW] = -EAGAIN, [RTN_NAT] = -EINVAL, [RTN_XRESOLVE] = -EINVAL, -@@ -943,6 +958,10 @@ static void ip6_rt_init_dst_reject(struc +@@ -1081,6 +1096,10 @@ static void ip6_rt_init_dst_reject(struc rt->dst.output = ip6_pkt_prohibit_out; rt->dst.input = ip6_pkt_prohibit; break; @@ -157,7 +157,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> case RTN_THROW: case RTN_UNREACHABLE: default: -@@ -3789,6 +3808,17 @@ static int ip6_pkt_prohibit_out(struct n +@@ -4389,6 +4408,17 @@ static int ip6_pkt_prohibit_out(struct n return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES); } @@ -175,7 +175,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> /* * Allocate a dst for local (unicast / anycast) address. */ -@@ -4236,7 +4266,8 @@ static int rtm_to_fib6_config(struct sk_ +@@ -4869,7 +4899,8 @@ static int rtm_to_fib6_config(struct sk_ if (rtm->rtm_type == RTN_UNREACHABLE || rtm->rtm_type == RTN_BLACKHOLE || rtm->rtm_type == RTN_PROHIBIT || @@ -185,7 +185,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> cfg->fc_flags |= RTF_REJECT; if (rtm->rtm_type == RTN_LOCAL) -@@ -5084,6 +5115,8 @@ static int ip6_route_dev_notify(struct n +@@ -5988,6 +6019,8 @@ static int ip6_route_dev_notify(struct n #ifdef CONFIG_IPV6_MULTIPLE_TABLES net->ipv6.ip6_prohibit_entry->dst.dev = dev; net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev); @@ -194,7 +194,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> net->ipv6.ip6_blk_hole_entry->dst.dev = dev; net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev); #endif -@@ -5095,6 +5128,7 @@ static int ip6_route_dev_notify(struct n +@@ -5999,6 +6032,7 @@ static int ip6_route_dev_notify(struct n in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev); #ifdef CONFIG_IPV6_MULTIPLE_TABLES in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev); @@ -202,40 +202,56 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org> in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev); #endif } -@@ -5289,6 +5323,15 @@ static int __net_init ip6_route_net_init - net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; - dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, - ip6_template_metrics, true); +@@ -6191,6 +6225,8 @@ static int __net_init ip6_route_net_init + + #ifdef CONFIG_IPV6_MULTIPLE_TABLES + net->ipv6.fib6_has_custom_rules = false; + ++ + net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template, + sizeof(*net->ipv6.ip6_prohibit_entry), + GFP_KERNEL); +@@ -6201,11 +6237,21 @@ static int __net_init ip6_route_net_init + ip6_template_metrics, true); + INIT_LIST_HEAD(&net->ipv6.ip6_prohibit_entry->rt6i_uncached); + + net->ipv6.ip6_policy_failed_entry = -+ kmemdup(&ip6_policy_failed_entry_template, -+ sizeof(*net->ipv6.ip6_policy_failed_entry), GFP_KERNEL); ++ kmemdup(&ip6_policy_failed_entry_template, ++ sizeof(*net->ipv6.ip6_policy_failed_entry), GFP_KERNEL); + if (!net->ipv6.ip6_policy_failed_entry) -+ goto out_ip6_blk_hole_entry; ++ goto out_ip6_prohibit_entry; + net->ipv6.ip6_policy_failed_entry->dst.ops = &net->ipv6.ip6_dst_ops; + dst_init_metrics(&net->ipv6.ip6_policy_failed_entry->dst, + ip6_template_metrics, true); - #endif - - net->ipv6.sysctl.flush_delay = 0; -@@ -5307,6 +5350,8 @@ out: ++ INIT_LIST_HEAD(&net->ipv6.ip6_policy_failed_entry->rt6i_uncached); ++ + net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template, + sizeof(*net->ipv6.ip6_blk_hole_entry), + GFP_KERNEL); + if (!net->ipv6.ip6_blk_hole_entry) +- goto out_ip6_prohibit_entry; ++ goto out_ip6_policy_failed_entry; + net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops; + dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst, + ip6_template_metrics, true); +@@ -6229,6 +6275,8 @@ out: return ret; #ifdef CONFIG_IPV6_MULTIPLE_TABLES -+out_ip6_blk_hole_entry: -+ kfree(net->ipv6.ip6_blk_hole_entry); ++out_ip6_policy_failed_entry: ++ kfree(net->ipv6.ip6_policy_failed_entry); out_ip6_prohibit_entry: kfree(net->ipv6.ip6_prohibit_entry); out_ip6_null_entry: -@@ -5327,6 +5372,7 @@ static void __net_exit ip6_route_net_exi +@@ -6248,6 +6296,7 @@ static void __net_exit ip6_route_net_exi + kfree(net->ipv6.ip6_null_entry); #ifdef CONFIG_IPV6_MULTIPLE_TABLES kfree(net->ipv6.ip6_prohibit_entry); - kfree(net->ipv6.ip6_blk_hole_entry); + kfree(net->ipv6.ip6_policy_failed_entry); + kfree(net->ipv6.ip6_blk_hole_entry); #endif dst_entries_destroy(&net->ipv6.ip6_dst_ops); - } -@@ -5403,6 +5449,9 @@ void __init ip6_route_init_special_entri +@@ -6325,6 +6374,9 @@ void __init ip6_route_init_special_entri init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev; init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev); |