| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <32de887afdc7d6851e7c53d27a21f1389bb0bd0f.1624604535.git.antony.antony@secunet.com>
Date: Fri, 25 Jun 2021 09:04:10 +0200
From: Antony Antony <antony.antony@...unet.com>
To: "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
David Ahern <dsahern@...nel.org>
CC: <netdev@...r.kernel.org>,
Christian Perle <christian.perle@...unet.com>,
Antony Antony <antony.antony@...unet.com>
Subject: [PATCH net-next] ipv6: Add sysctl for RA default route table number
From: Christian Perle <christian.perle@...unet.com>
Default routes learned from router advertisements(RA) are always placed
in main routing table. For policy based routing setups one may
want a different table for default routes. This commit adds a sysctl
to make table number for RA default routes configurable.
examples:
sysctl net.ipv6.route.defrtr_table
sysctl -w net.ipv6.route.defrtr_table=42
ip -6 route show table 42
Signed-off-by: Christian Perle <christian.perle@...unet.com>
Signed-off-by: Antony Antony <antony.antony@...unet.com>
---
include/net/netns/ipv6.h | 1 +
net/ipv6/route.c | 13 +++++++++++--
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index bde0b7adb4a3..0eb599ee621a 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -53,6 +53,7 @@ struct netns_sysctl_ipv6 {
int seg6_flowlabel;
bool skip_notify_on_dev_down;
u8 fib_notify_on_flag_change;
+ u32 ip6_rt_defrtr_table;
};
struct netns_ipv6 {
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 7b756a7dc036..5c561f5b7618 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -4336,7 +4336,7 @@ struct fib6_info *rt6_get_dflt_router(struct net *net,
const struct in6_addr *addr,
struct net_device *dev)
{
- u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT;
+ u32 tb_id = l3mdev_fib_table(dev) ? : net->ipv6.sysctl.ip6_rt_defrtr_table;
struct fib6_info *rt;
struct fib6_table *table;
@@ -4371,7 +4371,7 @@ struct fib6_info *rt6_add_dflt_router(struct net *net,
u32 defrtr_usr_metric)
{
struct fib6_config cfg = {
- .fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT,
+ .fc_table = l3mdev_fib_table(dev) ? : net->ipv6.sysctl.ip6_rt_defrtr_table,
.fc_metric = defrtr_usr_metric,
.fc_ifindex = dev->ifindex,
.fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT |
@@ -6391,6 +6391,13 @@ static struct ctl_table ipv6_route_table_template[] = {
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
+ {
+ .procname = "defrtr_table",
+ .data = &init_net.ipv6.sysctl.ip6_rt_defrtr_table,
+ .maxlen = sizeof(u32),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
{ }
};
@@ -6415,6 +6422,7 @@ struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
table[10].data = &net->ipv6.sysctl.skip_notify_on_dev_down;
+ table[11].data = &net->ipv6.sysctl.ip6_rt_defrtr_table;
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
@@ -6486,6 +6494,7 @@ static int __net_init ip6_route_net_init(struct net *net)
net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ;
net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
net->ipv6.sysctl.skip_notify_on_dev_down = 0;
+ net->ipv6.sysctl.ip6_rt_defrtr_table = RT6_TABLE_DFLT;
net->ipv6.ip6_rt_gc_expire = 30*HZ;
--
2.20.1
Powered by blists - more mailing lists