aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch')
-rw-r--r--target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch80
1 files changed, 48 insertions, 32 deletions
diff --git a/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch b/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
index c35aca8a18..022537da70 100644
--- a/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
+++ b/target/linux/generic/pending-5.4/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
@@ -20,7 +20,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
-@@ -78,6 +78,7 @@ struct netns_ipv6 {
+@@ -84,6 +84,7 @@ struct netns_ipv6 {
unsigned int fib6_rules_require_fldissect;
bool fib6_has_custom_rules;
struct rt6_info *ip6_prohibit_entry;
@@ -43,7 +43,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
--- a/include/uapi/linux/rtnetlink.h
+++ b/include/uapi/linux/rtnetlink.h
-@@ -228,6 +228,7 @@ enum {
+@@ -235,6 +235,7 @@ enum {
RTN_THROW, /* Not in this table */
RTN_NAT, /* Translate this address */
RTN_XRESOLVE, /* Use external resolver */
@@ -53,7 +53,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
-@@ -139,6 +139,10 @@ const struct fib_prop fib_props[RTN_MAX
+@@ -141,6 +141,10 @@ const struct fib_prop fib_props[RTN_MAX
.error = -EINVAL,
.scope = RT_SCOPE_NOWHERE,
},
@@ -66,7 +66,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
static void rt_fibinfo_free(struct rtable __rcu **rtp)
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
-@@ -2474,6 +2474,7 @@ static const char *const rtn_type_names[
+@@ -2592,6 +2592,7 @@ static const char *const rtn_type_names[
[RTN_THROW] = "THROW",
[RTN_NAT] = "NAT",
[RTN_XRESOLVE] = "XRESOLVE",
@@ -76,7 +76,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
static inline const char *rtn_type(char *buf, size_t len, unsigned int t)
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
-@@ -179,6 +179,7 @@ static int ipmr_rule_action(struct fib_r
+@@ -173,6 +173,7 @@ static int ipmr_rule_action(struct fib_r
case FR_ACT_UNREACHABLE:
return -ENETUNREACH;
case FR_ACT_PROHIBIT:
@@ -86,7 +86,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
default:
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
-@@ -221,6 +221,10 @@ static int __fib6_rule_action(struct fib
+@@ -216,6 +216,10 @@ static int __fib6_rule_action(struct fib
err = -EACCES;
rt = net->ipv6.ip6_prohibit_entry;
goto discard_pkt;
@@ -99,7 +99,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
tb_id = fib_rule_get_table(rule, arg);
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
-@@ -162,6 +162,8 @@ static int ip6mr_rule_action(struct fib_
+@@ -161,6 +161,8 @@ static int ip6mr_rule_action(struct fib_
return -ENETUNREACH;
case FR_ACT_PROHIBIT:
return -EACCES;
@@ -110,7 +110,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
return -EINVAL;
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -97,6 +97,8 @@ static int ip6_pkt_discard(struct sk_bu
+@@ -93,6 +93,8 @@ static int ip6_pkt_discard(struct sk_bu
static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb);
static int ip6_pkt_prohibit(struct sk_buff *skb);
static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff *skb);
@@ -119,7 +119,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
static void ip6_link_failure(struct sk_buff *skb);
static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
struct sk_buff *skb, u32 mtu,
-@@ -328,6 +330,18 @@ static const struct rt6_info ip6_prohibi
+@@ -326,6 +328,18 @@ static const struct rt6_info ip6_prohibi
.rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
};
@@ -138,7 +138,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
static const struct rt6_info ip6_blk_hole_entry_template = {
.dst = {
.__refcnt = ATOMIC_INIT(1),
-@@ -906,6 +920,7 @@ static const int fib6_prop[RTN_MAX + 1]
+@@ -1044,6 +1058,7 @@ static const int fib6_prop[RTN_MAX + 1]
[RTN_BLACKHOLE] = -EINVAL,
[RTN_UNREACHABLE] = -EHOSTUNREACH,
[RTN_PROHIBIT] = -EACCES,
@@ -146,7 +146,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
[RTN_THROW] = -EAGAIN,
[RTN_NAT] = -EINVAL,
[RTN_XRESOLVE] = -EINVAL,
-@@ -943,6 +958,10 @@ static void ip6_rt_init_dst_reject(struc
+@@ -1081,6 +1096,10 @@ static void ip6_rt_init_dst_reject(struc
rt->dst.output = ip6_pkt_prohibit_out;
rt->dst.input = ip6_pkt_prohibit;
break;
@@ -157,7 +157,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
case RTN_THROW:
case RTN_UNREACHABLE:
default:
-@@ -3789,6 +3808,17 @@ static int ip6_pkt_prohibit_out(struct n
+@@ -4389,6 +4408,17 @@ static int ip6_pkt_prohibit_out(struct n
return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES);
}
@@ -175,7 +175,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
/*
* Allocate a dst for local (unicast / anycast) address.
*/
-@@ -4236,7 +4266,8 @@ static int rtm_to_fib6_config(struct sk_
+@@ -4869,7 +4899,8 @@ static int rtm_to_fib6_config(struct sk_
if (rtm->rtm_type == RTN_UNREACHABLE ||
rtm->rtm_type == RTN_BLACKHOLE ||
rtm->rtm_type == RTN_PROHIBIT ||
@@ -185,7 +185,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
cfg->fc_flags |= RTF_REJECT;
if (rtm->rtm_type == RTN_LOCAL)
-@@ -5084,6 +5115,8 @@ static int ip6_route_dev_notify(struct n
+@@ -5988,6 +6019,8 @@ static int ip6_route_dev_notify(struct n
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
net->ipv6.ip6_prohibit_entry->dst.dev = dev;
net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
@@ -194,7 +194,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
#endif
-@@ -5095,6 +5128,7 @@ static int ip6_route_dev_notify(struct n
+@@ -5999,6 +6032,7 @@ static int ip6_route_dev_notify(struct n
in6_dev_put_clear(&net->ipv6.ip6_null_entry->rt6i_idev);
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
in6_dev_put_clear(&net->ipv6.ip6_prohibit_entry->rt6i_idev);
@@ -202,40 +202,56 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
in6_dev_put_clear(&net->ipv6.ip6_blk_hole_entry->rt6i_idev);
#endif
}
-@@ -5289,6 +5323,15 @@ static int __net_init ip6_route_net_init
- net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
- dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
- ip6_template_metrics, true);
+@@ -6191,6 +6225,8 @@ static int __net_init ip6_route_net_init
+
+ #ifdef CONFIG_IPV6_MULTIPLE_TABLES
+ net->ipv6.fib6_has_custom_rules = false;
+
++
+ net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template,
+ sizeof(*net->ipv6.ip6_prohibit_entry),
+ GFP_KERNEL);
+@@ -6201,11 +6237,21 @@ static int __net_init ip6_route_net_init
+ ip6_template_metrics, true);
+ INIT_LIST_HEAD(&net->ipv6.ip6_prohibit_entry->rt6i_uncached);
+
+ net->ipv6.ip6_policy_failed_entry =
-+ kmemdup(&ip6_policy_failed_entry_template,
-+ sizeof(*net->ipv6.ip6_policy_failed_entry), GFP_KERNEL);
++ kmemdup(&ip6_policy_failed_entry_template,
++ sizeof(*net->ipv6.ip6_policy_failed_entry), GFP_KERNEL);
+ if (!net->ipv6.ip6_policy_failed_entry)
-+ goto out_ip6_blk_hole_entry;
++ goto out_ip6_prohibit_entry;
+ net->ipv6.ip6_policy_failed_entry->dst.ops = &net->ipv6.ip6_dst_ops;
+ dst_init_metrics(&net->ipv6.ip6_policy_failed_entry->dst,
+ ip6_template_metrics, true);
- #endif
-
- net->ipv6.sysctl.flush_delay = 0;
-@@ -5307,6 +5350,8 @@ out:
++ INIT_LIST_HEAD(&net->ipv6.ip6_policy_failed_entry->rt6i_uncached);
++
+ net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template,
+ sizeof(*net->ipv6.ip6_blk_hole_entry),
+ GFP_KERNEL);
+ if (!net->ipv6.ip6_blk_hole_entry)
+- goto out_ip6_prohibit_entry;
++ goto out_ip6_policy_failed_entry;
+ net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
+ dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
+ ip6_template_metrics, true);
+@@ -6229,6 +6275,8 @@ out:
return ret;
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
-+out_ip6_blk_hole_entry:
-+ kfree(net->ipv6.ip6_blk_hole_entry);
++out_ip6_policy_failed_entry:
++ kfree(net->ipv6.ip6_policy_failed_entry);
out_ip6_prohibit_entry:
kfree(net->ipv6.ip6_prohibit_entry);
out_ip6_null_entry:
-@@ -5327,6 +5372,7 @@ static void __net_exit ip6_route_net_exi
+@@ -6248,6 +6296,7 @@ static void __net_exit ip6_route_net_exi
+ kfree(net->ipv6.ip6_null_entry);
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
kfree(net->ipv6.ip6_prohibit_entry);
- kfree(net->ipv6.ip6_blk_hole_entry);
+ kfree(net->ipv6.ip6_policy_failed_entry);
+ kfree(net->ipv6.ip6_blk_hole_entry);
#endif
dst_entries_destroy(&net->ipv6.ip6_dst_ops);
- }
-@@ -5403,6 +5449,9 @@ void __init ip6_route_init_special_entri
+@@ -6325,6 +6374,9 @@ void __init ip6_route_init_special_entri
init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);