summaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorStefan Tomanek <stefan.tomanek@wertarbyte.de>2013-08-02 17:19:56 +0200
committerDavid S. Miller <davem@davemloft.net>2013-08-03 00:24:22 +0200
commit6ef94cfafba159d6b1a902ccb3349ac6a34ff6ad (patch)
treef2d7afebf4534ea50273165f4b0798aed704a37c /net/ipv6
parenticmpv6_filter: allow ICMPv6 messages with bodies < 4 bytes (diff)
downloadlinux-6ef94cfafba159d6b1a902ccb3349ac6a34ff6ad.tar.xz
linux-6ef94cfafba159d6b1a902ccb3349ac6a34ff6ad.zip
fib_rules: add route suppression based on ifgroup
This change adds the ability to suppress a routing decision based upon the interface group the selected interface belongs to. This allows it to exclude specific devices from a routing decision. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/fib6_rules.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index 554a4fbabfb3..36283267e2f8 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -122,14 +122,24 @@ out:
static bool fib6_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg)
{
struct rt6_info *rt = (struct rt6_info *) arg->result;
+ struct net_device *dev = rt->rt6i_idev->dev;
/* do not accept result if the route does
* not meet the required prefix length
*/
- if (rt->rt6i_dst.plen < rule->table_prefixlen_min) {
+ if (rt->rt6i_dst.plen < rule->table_prefixlen_min)
+ goto suppress_route;
+
+ /* do not accept result if the route uses a device
+ * belonging to a forbidden interface group
+ */
+ if (rule->suppress_ifgroup != -1 && dev && dev->group == rule->suppress_ifgroup)
+ goto suppress_route;
+
+ return false;
+
+suppress_route:
ip6_rt_put(rt);
return true;
- }
- return false;
}
static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)