mirror-linux/include/net
Ido Schimmel 2d300ce0b7 net: fib_rules: Fix iif / oif matching on L3 master device
Before commit 40867d74c3 ("net: Add l3mdev index to flow struct and
avoid oif reset for port devices") it was possible to use FIB rules to
match on a L3 domain. This was done by having a FIB rule match on iif /
oif being a L3 master device. It worked because prior to the FIB rule
lookup the iif / oif fields in the flow structure were reset to the
index of the L3 master device to which the input / output device was
enslaved.

The above scheme made it impossible to match on the original input /
output device. Therefore, cited commit stopped overwriting the iif / oif
fields in the flow structure and instead stored the index of the
enslaving L3 master device in a new field ('flowi_l3mdev') in the flow
structure.

While the change enabled new use cases, it broke the original use case
of matching on a L3 domain. Fix this by interpreting the iif / oif
matching on a L3 master device as a match against the L3 domain. In
other words, if the iif / oif in the FIB rule points to a L3 master
device, compare the provided index against 'flowi_l3mdev' rather than
'flowi_{i,o}if'.

Before cited commit, a FIB rule that matched on 'iif vrf1' would only
match incoming traffic from devices enslaved to 'vrf1'. With the
proposed change (i.e., comparing against 'flowi_l3mdev'), the rule would
also match traffic originating from a socket bound to 'vrf1'. Avoid that
by adding a new flow flag ('FLOWI_FLAG_L3MDEV_OIF') that indicates if
the L3 domain was derived from the output interface or the input
interface (when not set) and take this flag into account when evaluating
the FIB rule against the flow structure.

Avoid unnecessary checks in the data path by detecting that a rule
matches on a L3 master device when the rule is installed and marking it
as such.

Tested using the following script [1].

Output before 40867d74c3 (v5.4.291):

default dev dummy1 table 100 scope link
default dev dummy1 table 200 scope link

Output after 40867d74c374:

default dev dummy1 table 300 scope link
default dev dummy1 table 300 scope link

Output with this patch:

default dev dummy1 table 100 scope link
default dev dummy1 table 200 scope link

[1]
 #!/bin/bash

 ip link add name vrf1 up type vrf table 10
 ip link add name dummy1 up master vrf1 type dummy

 sysctl -wq net.ipv4.conf.all.forwarding=1
 sysctl -wq net.ipv4.conf.all.rp_filter=0

 ip route add table 100 default dev dummy1
 ip route add table 200 default dev dummy1
 ip route add table 300 default dev dummy1

 ip rule add prio 0 oif vrf1 table 100
 ip rule add prio 1 iif vrf1 table 200
 ip rule add prio 2 table 300

 ip route get 192.0.2.1 oif dummy1 fibmatch
 ip route get 192.0.2.1 iif dummy1 from 198.51.100.1 fibmatch

Fixes: 40867d74c3 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices")
Reported-by: hanhuihui <hanhuihui5@huawei.com>
Closes: https://lore.kernel.org/netdev/ec671c4f821a4d63904d0da15d604b75@huawei.com/
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250414172022.242991-2-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-04-15 17:54:56 -07:00
9p netfs, 9p: Implement helpers for new write code 2024-05-01 18:07:37 +01:00
bluetooth Bluetooth: MGMT: Add LL Privacy Setting 2025-03-25 15:22:49 -04:00
caif caif: Remove unused cfsrvl_getphyid 2024-10-08 15:33:49 -07:00
iucv net: reformat kdoc return statements 2024-12-09 14:44:59 -08:00
libeth libeth: move idpf_rx_csum_decoded and idpf_rx_extracted 2025-02-14 10:58:08 -08:00
mana RDMA v6.15 merge window pull request 2025-03-29 11:12:28 -07:00
netfilter netfilter pull request 25-03-23 2025-03-25 08:29:13 -07:00
netns Revert "udp_tunnel: GRO optimizations" 2025-03-25 09:15:07 -07:00
nfc net: nfc: Propagate ISO14443 type A target ATS to userspace via netlink 2024-11-07 10:21:58 +01:00
page_pool net: move mp dev config validation to __net_mp_open_rxq() 2025-04-04 07:35:38 -07:00
phonet phonet: Convert phonet_routes.lock to spinlock_t. 2024-10-24 16:03:40 +02:00
sctp Including fixes from netfilter. 2025-04-10 08:52:18 -07:00
tc_act net/sched: Retire ipt action 2024-01-02 12:41:16 +00:00
6lowpan.h
Space.h net: appletalk: remove cops support 2023-10-04 11:49:20 -07:00
act_api.h net/sched: act_api: unexport tcf_action_dump_1() 2024-10-23 11:43:47 +02:00
addrconf.h ipv6: Add __in6_dev_get_rtnl_net(). 2025-01-20 12:16:04 -08:00
af_ieee802154.h
af_rxrpc.h rxrpc: Allow the app to store private data on peer structs 2025-03-10 09:47:15 +00:00
af_unix.h unix: fix up for "apparmor: add fine grained af_unix mediation" 2025-03-26 09:31:18 -07:00
af_vsock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-08-15 17:18:52 -07:00
ah.h
amt.h
arp.h
atmclip.h
ax25.h ax25: Remove broken autobind 2025-03-24 10:26:53 +00:00
ax88796.h
bareudp.h
bond_3ad.h bonding: Correct spelling in headers 2024-08-26 09:37:22 -07:00
bond_alb.h bonding: Correct spelling in headers 2024-08-26 09:37:22 -07:00
bond_options.h bonding: add ns target multicast address to slave device 2024-11-14 11:16:28 +01:00
bonding.h bonding: check xdp prog when set bond mode 2025-03-25 08:00:09 -07:00
bpf_sk_storage.h
busy_poll.h net: gro: decouple GRO from the NAPI layer 2025-02-27 14:03:14 +01:00
calipso.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
cfg80211-wext.h
cfg80211.h wifi: cfg80211: expose cfg80211_chandef_get_width() 2025-03-12 09:50:24 +01:00
cfg802154.h mac802154: fix llsec key resources release in mac802154_llsec_key_del 2024-03-06 21:01:26 +01:00
checksum.h net: checksum: Move from32to16() to generic header 2024-10-30 15:29:59 +01:00
cipso_ipv4.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
cls_cgroup.h
codel.h codel: fix kernel-doc notation warnings 2023-07-14 20:39:29 -07:00
codel_impl.h
codel_qdisc.h
compat.h
datalink.h net: datalink: Remove unused declarations 2023-07-27 17:17:32 -07:00
dcbevent.h
dcbnl.h
devlink.h devlink: add devl guard 2025-01-16 13:04:58 -08:00
dropreason-core.h tcp: add four drop reasons to tcp_check_req() 2025-03-03 15:44:19 -08:00
dropreason.h wifi: mac80211: Drop cooked monitor support 2025-02-11 11:58:17 +01:00
dsa.h net: dsa: implement get_ts_stats ethtool operation for user ports 2025-01-17 20:01:09 -08:00
dsa_stubs.h net: dsa: Use conduit and user terms 2023-10-24 13:08:14 -07:00
dscp.h net: add IEEE 802.1q specific helpers 2024-05-08 10:35:09 +01:00
dsfield.h
dst.h net: reformat kdoc return statements 2024-12-09 14:44:59 -08:00
dst_cache.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
dst_metadata.h net: Add options as a flexible array to struct ip_tunnel_info 2025-02-20 13:17:16 -08:00
dst_ops.h net: fix __dst_negative_advice() race 2024-05-29 17:34:49 -07:00
eee.h net: simplify eeecfg_mac_can_tx_lpi 2024-11-13 18:49:50 -08:00
erspan.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
esp.h
espintcp.h inet: preserve const qualifier in inet_csk() 2024-04-01 21:27:08 -07:00
ethoc.h
failover.h
fib_notifier.h net: do not acquire rtnl in fib_seq_sum() 2024-10-11 15:35:05 -07:00
fib_rules.h net: fib_rules: Fix iif / oif matching on L3 master device 2025-04-15 17:54:56 -07:00
firewire.h
flow.h net: fib_rules: Fix iif / oif matching on L3 master device 2025-04-15 17:54:56 -07:00
flow_dissector.h flow_dissector: cleanup FLOW_DISSECTOR_KEY_ENC_FLAGS 2024-07-15 09:14:39 -07:00
flow_offload.h net: sched: propagate "skip_sw" flag to struct flow_cls_common_offload 2024-10-30 17:33:53 -07:00
fou.h
fq.h net: fq: Remove unused typedef fq_flow_get_default_t 2023-08-08 15:58:23 -07:00
fq_impl.h
garp.h
gen_stats.h
genetlink.h net: reformat kdoc return statements 2024-12-09 14:44:59 -08:00
geneve.h
gre.h ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
gro.h net: gro: expose GRO init/cleanup to use outside of NAPI 2025-02-27 14:03:14 +01:00
gro_cells.h
gso.h
gtp.h gtp: properly parse extension headers 2024-05-07 01:35:55 +02:00
gue.h
handshake.h net/handshake: Add helpers for parsing incoming TLS Alerts 2023-07-28 14:07:59 -07:00
hotdata.h net: introduce per netns packet chains 2025-03-24 13:58:22 -07:00
hwbm.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
icmp.h
ieee8021q.h net: add IEEE 802.1q specific helpers 2024-05-08 10:35:09 +01:00
ieee80211_radiotap.h wireless fixes for v6.12-rc5 2024-10-25 10:44:41 +01:00
ieee802154_netdev.h mac802154: Handle association requests from peers 2023-11-20 11:43:03 +01:00
if_inet6.h ipv6: anycast: complete RCU handling of struct ifacaddr6 2024-02-26 18:40:34 -08:00
ife.h
inet6_connection_sock.h tcp/dccp: Remove inet_connection_sock_af_ops.addr2sockaddr(). 2025-03-24 12:10:13 -07:00
inet6_hashtables.h tcp: convert to dev_net_rcu() 2025-03-03 15:44:19 -08:00
inet_common.h net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
inet_connection_sock.h tcp/dccp: remove icsk->icsk_ack.timeout 2025-03-25 10:34:33 -07:00
inet_dscp.h
inet_ecn.h
inet_frag.h inet: frags: change inet_frag_kill() to defer refcount updates 2025-03-18 13:18:36 +01:00
inet_hashtables.h inet: call inet6_ehashfn() once from inet6_hash_connect() 2025-03-06 15:26:02 -08:00
inet_sock.h sctp: Prepare sctp_v4_get_dst() to dscp_t conversion. 2025-01-06 13:49:38 -08:00
inet_timewait_sock.h tcp: Measure TIME-WAIT reuse delay with millisecond precision 2024-12-11 20:17:33 -08:00
inetpeer.h inetpeer: remove create argument of inet_getpeer() 2024-12-17 19:37:00 -08:00
ioam6.h net: ioam6: multicast event 2024-02-28 11:19:41 +00:00
ip.h net: use netif_disable_lro in ipv6_add_dev 2025-04-03 15:32:08 -07:00
ip6_checksum.h
ip6_fib.h ipv6: use READ_ONCE()/WRITE_ONCE() on fib6_table->fib_seq 2024-10-11 15:35:05 -07:00
ip6_route.h ipv6: fix source address selection with route leak 2024-07-14 07:34:16 -07:00
ip6_tunnel.h ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
ip_fib.h ipv4: fib: Allocate fib_info_hash[] during netns initialisation. 2025-03-03 15:04:09 -08:00
ip_tunnels.h net: ip_tunnel: Use link netns in newlink() of rtnl_link_ops 2025-02-21 15:28:02 -08:00
ip_vs.h
ipcomp.h xfrm: ipcomp: Use crypto_acomp interface 2025-03-21 17:36:49 +08:00
ipconfig.h
ipv6.h ipv6: fix _DEVADD() and _DEVUPD() macros 2025-03-25 07:31:24 -07:00
ipv6_frag.h inet: frags: change inet_frag_kill() to defer refcount updates 2025-03-18 13:18:36 +01:00
ipv6_stubs.h ipv6: udp: constify 'struct net' parameter of socket lookups 2024-08-05 16:27:26 -07:00
iw_handler.h Revert "wifi: cfg80211: unexport wireless_nlevent_flush()" 2024-10-09 08:53:01 +02:00
kcm.h kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-19 18:36:12 -07:00
l3mdev.h net: fib_rules: Fix iif / oif matching on L3 master device 2025-04-15 17:54:56 -07:00
lag.h
lapb.h net: lapb: increase LAPB_HEADER_LEN 2024-12-06 17:43:08 -08:00
llc.h
llc_c_ac.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_ev.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_st.h llc: Constify struct llc_conn_state_trans 2024-07-15 08:51:01 -07:00
llc_conn.h llc: Check netns in llc_estab_match() and llc_listener_match(). 2023-07-20 10:46:28 +02:00
llc_if.h
llc_pdu.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h llc: Constify struct llc_sap_state_trans 2024-07-15 08:51:19 -07:00
llc_sap.h
lwtunnel.h inet: fix lwtunnel_valid_encap_type() lock imbalance 2025-03-05 19:16:56 -08:00
mac80211.h wifi: mac80211: add ieee80211_iter_chan_contexts_mtx 2025-02-26 15:48:47 +01:00
mac802154.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
macsec.h net: macsec: Add endianness annotations in salt struct 2025-01-20 12:20:42 +00:00
mctp.h net: mctp: Remove unnecessary cast in mctp_cb 2025-03-21 18:18:12 +01:00
mctpdevice.h net: mctp: Expose transport binding identifier via IFLA attribute 2024-11-09 09:04:54 -08:00
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: sysctl: add available_path_managers 2025-03-20 10:14:49 +01:00
mrp.h
ncsi.h
ndisc.h ipv6: eliminate ndisc_ops_is_useropt() 2024-08-12 17:23:57 -07:00
neighbour.h neighbour: Create netdev->neighbour association 2024-11-09 13:22:57 -08:00
neighbour_tables.h neighbour: Create netdev->neighbour association 2024-11-09 13:22:57 -08:00
net_debug.h Kbuild updates for v6.13 2024-11-30 13:41:50 -08:00
net_failover.h
net_namespace.h net: introduce per netns packet chains 2025-03-24 13:58:22 -07:00
net_ratelimit.h
net_shaper.h net-shapers: implement NL get operation 2024-10-10 08:30:22 -07:00
net_trackers.h
netdev_lock.h netdevsim: add dummy device notifiers 2025-04-03 15:32:08 -07:00
netdev_netlink.h net: add granular lock for the netdev netlink socket 2025-03-12 13:32:35 -07:00
netdev_queues.h net: report csum_complete via qstats 2025-02-12 16:37:35 -08:00
netdev_rx_queue.h net: designate queue -> napi linking as "ops protected" 2025-03-25 10:06:49 -07:00
netevent.h
netkit.h bpf, netkit: Add indirect call wrapper for fetching peer dev 2023-11-20 10:15:16 -08:00
netlabel.h Networking changes for 6.13. 2024-11-21 08:28:08 -08:00
netlink.h netlink: Add nla_put_empty_nest helper 2025-02-17 16:46:03 -08:00
netmem.h net: generalise net_iov chunk owners 2025-02-06 16:27:30 -08:00
netprio_cgroup.h
netrom.h
nexthop.h net: nexthop: Increase weight to u16 2024-08-12 17:50:34 -07:00
nl802154.h ieee802154: Correct spelling in nl802154.h 2024-08-30 22:30:55 +02:00
nsh.h net: NSH: fix kernel-doc notation warning 2023-07-14 20:39:29 -07:00
p8022.h net: 802: Remove unused function declarations 2023-08-04 15:33:50 -07:00
pfcp.h pfcp: always set pfcp metadata 2024-04-01 10:49:28 +01:00
pie.h pie: fix kernel-doc notation warning 2023-07-14 20:39:30 -07:00
ping.h
pkt_cls.h net: sched: refine software bypass handling in tc_run 2025-01-20 09:21:27 +00:00
pkt_sched.h net/sched: Add helper macros with module names 2024-02-02 10:57:55 -08:00
pptp.h
proto_memory.h net: move sysctl_mem_pcpu_rsv to net_hotdata 2024-04-30 18:46:52 -07:00
protocol.h ipv6: move tcp_ipv6_hash_secret and udp_ipv6_hash_secret to net_hotdata 2024-03-07 21:12:43 -08:00
psample.h net: psample: fix flag being set in wrong skb 2024-07-11 18:11:31 -07:00
psnap.h
raw.h
rawv6.h
red.h net: sched: Correct spelling in headers 2024-08-26 09:37:23 -07:00
regulatory.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
request_sock.h tcp: move reqsk_alloc() to inet_connection_sock.c 2024-06-06 15:18:04 +02:00
rose.h
route.h ipv4: add RCU protection to ip4_dst_hoplimit() 2025-02-06 16:14:14 -08:00
rpl.h
rps.h net: rfs: hash function change 2025-03-25 08:24:13 -07:00
rsi_91x.h rsi: remove kernel-doc comment marker 2023-07-14 20:39:30 -07:00
rstreason.h tcp: rstreason: introduce SK_RST_REASON_TCP_DISCONNECT_WITH_DATA for active reset 2024-08-07 10:24:46 +01:00
rtnetlink.h rtnetlink: Remove "net" from newlink params 2025-02-21 15:28:03 -08:00
rtnh.h
sch_generic.h net: sched: Fix truncation of offloaded action statistics 2025-02-05 18:32:06 -08:00
scm.h lsm: replace context+len with lsm_context 2024-12-04 14:42:31 -05:00
secure_seq.h
seg6.h ipv6: sr: restruct ifdefines 2024-05-30 18:29:38 -07:00
seg6_hmac.h ipv6: sr: restruct ifdefines 2024-05-30 18:29:38 -07:00
seg6_local.h seg6: Use nested-BH locking for seg6_bpf_srh_states. 2024-06-24 16:41:23 -07:00
selftests.h
slhc_vj.h
smc.h net/smc: add operations to merge sndbuf with peer DMB 2024-04-30 13:24:48 +02:00
snmp.h percpu: use TYPEOF_UNQUAL() in variable declarations 2025-03-16 22:05:53 -07:00
sock.h net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. 2025-04-09 19:11:55 -07:00
sock_reuseport.h net: core: annotate socks of struct sock_reuseport with __counted_by 2024-08-02 17:16:59 -07:00
stp.h
strparser.h strparser: Add read_sock callback 2025-01-29 13:32:08 -08:00
switchdev.h net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-02-16 09:36:37 +00:00
tc_wrapper.h Merge branch 'x86/bugs' into x86/core, to pick up pending changes before dependent patches 2024-02-14 10:49:37 +01:00
tcp.h Revert "tcp: avoid atomic operations on sk->sk_rmem_alloc" 2025-03-31 16:53:54 -07:00
tcp_ao.h net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals 2024-11-03 12:10:11 -08:00
tcp_states.h tcp: Dump bound-only sockets in inet_diag. 2023-12-04 14:45:26 -08:00
tcx.h bpf: Fix too early release of tcx_entry 2024-07-08 14:07:31 -07:00
timewait_sock.h tcp: get rid of twsk_unique() 2024-05-09 20:25:55 -07:00
tipc.h
tls.h tls: block decryption when a rekey is pending 2024-12-16 12:47:29 +00:00
tls_prot.h net/tls: Add TLS Alert definitions 2023-07-28 14:07:59 -07:00
tls_toe.h
transp_v6.h inet6: Remove unused function declaration udpv6_connect() 2023-08-01 15:06:27 -07:00
tso.h
tun_proto.h
udp.h Revert "udp_tunnel: GRO optimizations" 2025-03-25 09:15:07 -07:00
udp_tunnel.h Revert "udp_tunnel: GRO optimizations" 2025-03-25 09:15:07 -07:00
udplite.h udplite: fix various data-races 2023-09-14 16:16:36 +02:00
vsock_addr.h
vxlan.h vxlan: Track reserved bits explicitly as part of the configuration 2024-12-09 14:47:04 -08:00
wext.h
x25.h x25: Correct spelling in x25.h 2024-08-26 09:37:23 -07:00
x25device.h
xdp.h xdp: remove xdp_alloc_skb_bulk() 2025-02-27 14:03:52 +01:00
xdp_priv.h
xdp_sock.h xsk: Add launch time hardware offload support to XDP Tx metadata 2025-02-20 15:13:45 -08:00
xdp_sock_drv.h xsk: Add launch time hardware offload support to XDP Tx metadata 2025-02-20 15:13:45 -08:00
xfrm.h xfrm: check for PMTU in tunnel mode for packet offload 2025-02-21 08:08:15 +01:00
xsk_buff_pool.h xsk: add helper to get &xdp_desc's DMA and meta pointer in one go 2025-02-10 17:54:43 -08:00