Re: [patch net] ipv6: do not create neighbor entries for local delivery
From: Hannes Frederic Sowa <hidden>
Date: 2013-08-12 22:26:45
Hi Marcelo! On Mon, Aug 12, 2013 at 03:09:19PM -0300, Marcelo Ricardo Leitner wrote:
Hannes, would something like this be acceptable? I'm hoping it's not too ugly/hacky... as far as I could track back, input and output routines were merged mainly due code similarity.
Your idea seems sound and I don't think it is very ugly or hacky. It's as minimal as a stable-only patch should be. But we could simplify the logic a bit. ;) See below.
TPROXY scenario needs to not create this neighbor entries on INPUT path, while Debabrata ping test needs it on OUTPUT path. This patch limits my previous patch to INPUT only then.
Yes, agreed. I don't see anything which could break because of this patch. So I would go with it.
Initial testing here seems good, TPROXY seems to be working as expected and also the ping6 test. What do you think?
quoted hunk ↗ jump to hunk
diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 18ea73c..603f9d9 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c@@ -791,7 +791,7 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, } static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif, - struct flowi6 *fl6, int flags) + struct flowi6 *fl6, int flags, int output)
bool input
quoted hunk ↗ jump to hunk
{ struct fib6_node *fn; struct rt6_info *rt, *nrt;@@ -799,8 +799,11 @@ static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int attempts = 3; int err; int reachable = net->ipv6.devconf_all->forwarding ? 0 : RT6_LOOKUP_F_REACHABLE; + int local = RTF_NONEXTHOP; strict |= flags & RT6_LOOKUP_F_IFACE; + if (!output) + local |= RTF_LOCAL;
if (input) local |= RTF_LOCAL;
quoted hunk ↗ jump to hunk
relookup: read_lock_bh(&table->tb6_lock);@@ -820,7 +823,7 @@ restart: read_unlock_bh(&table->tb6_lock); if (!dst_get_neighbour_raw(&rt->dst) - && !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL))) + && !(rt->rt6i_flags & local)) nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); else if (!(rt->dst.flags & DST_HOST)) nrt = rt6_alloc_clone(rt, &fl6->daddr);@@ -864,7 +867,7 @@ out2: static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table, struct flowi6 *fl6, int flags) { - return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags); + return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags, 0);
true);
quoted hunk ↗ jump to hunk
} void ip6_route_input(struct sk_buff *skb)@@ -890,7 +893,7 @@ void ip6_route_input(struct sk_buff *skb) static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table, struct flowi6 *fl6, int flags) { - return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags); + return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags, 1);
false);
} struct dst_entry * ip6_route_output(struct net *net, const struct sock *sk,
Thanks, Hannes