In article <[EMAIL PROTECTED]> (at Tue, 17 Oct 2006 12:14:02 +0200), Thomas 
Graf <[EMAIL PROTECTED]> says:

> * Ville Nuorvala <[EMAIL PROTECTED]> 2006-10-17 03:27
> > @@ -123,7 +111,7 @@ static int fib6_rule_match(struct fib_ru
> >             return 0;
> > 
> >     if (r->src.plen) {
> > -           if (!(flags & RT6_LOOKUP_F_HAS_SADDR) ||
> > +           if (flags & RT6_LOOKUP_F_HAS_SADDR &&
> >                 !ipv6_prefix_equal(&fl->fl6_src, &r->src.addr, r->src.plen))
> >                     return 0;
> >     }
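Review bot: in the `r->src.plen` branch, once `RT6_LOOKUP_F_HAS_SADDR` is clear the prefix comparison is skipped and the rule matches every flow that has no source address. The only visible code that later picks a source inside `rule->src` is under `#ifdef CONFIG_IPV6_SUBTREES` in `ip6_pol_route_output()`, so without that option a source-prefix rule would be applied to traffic it was never compared against. Consider keeping the old failure in that configuration, and write `(flags & RT6_LOOKUP_F_HAS_SADDR) && ...` with explicit parentheses so the precedence is not left to the reader.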
> 
> This is wrong, rules matching on a source prefix must fail if no
> source address is available.

Why?

> >  static struct rt6_info *ip6_pol_route_output(struct fib6_table *table,
> > -                                        struct flowi *fl, int flags)
> > +                                        struct flowi *fl, int flags,
> > +                                        struct fib6_rule *rule)
> >  {
> >     struct fib6_node *fn;
> >     struct rt6_info *rt, *nrt;
> > @@ -730,6 +733,16 @@ static struct rt6_info *ip6_pol_route_ou
> >     struct in6_addr saddr;
> > 
> >     ipv6_addr_copy(&saddr, &fl->fl6_src);
> > +#ifdef CONFIG_IPV6_SUBTREES
> > +   if (!has_saddr && rule->src.plen > 0) {
> > +           /* a source prefix specific policy rule has to override the
> > +              normal source address selection process */
> > +           if (ipv6_get_saddr(fl->oif, &fl->fl6_dst, &rule->src, &saddr))
> > +                   goto no_saddr;
> > +           has_saddr = RT6_LOOKUP_F_HAS_SADDR;
> > +           ipv6_addr_copy(&fl->fl6_src, &saddr);
> > +   }
> > +#endif
> >  relookup:
> >     read_lock_bh(&table->tb6_lock);
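Review bot: in the added `CONFIG_IPV6_SUBTREES` block, `rule->src.plen` dereferences the new `rule` argument without a NULL check, and the `no_saddr` label that the `goto` targets is not in the visible context, so it is unclear what the caller gets back when `ipv6_get_saddr()` fails. `ipv6_addr_copy(&fl->fl6_src, &saddr)` also writes the selected address back into the caller's flow, a side effect that should be documented at the function or avoided by using only the local `saddr`. The comment would also be clearer if it said what happens to the lookup when no address inside the rule's prefix exists.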
> 
> I can see why you want the above change but we have to find another way.

Please explain.

Do you mean that we should decide the source address before we look up
the rule and route?


We have to allow users to use auto-bind; the user may NOT supply a
source address for the packet.
Routing is done BEFORE the source address selection (RFC3484 Section 7).

We have a rule for routing lookup with a source address.  To get a consistent
result, the source address in the rule should be ignored when matching if the
user has not supplied the source.  Instead, we try to find an appropriate
source address which is compliant with the rule.

--yoshfuji
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
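The two matching behaviours argued over in this thread, as an added user-space model that is not code from the patch or the kernel. All names here (`HAS_SADDR`, `struct prefix`, `match_strict`, `match_deferred`, `select_saddr`) are hypothetical, and `select_saddr` is a first-match stand-in for the real source address selection, not RFC 3484 logic.

```c
#include <stdint.h>
#include <string.h>

#define HAS_SADDR 0x1   /* stand-in for RT6_LOOKUP_F_HAS_SADDR */

struct prefix { uint8_t addr[16]; int plen; };

/* Constructed sample data: rule "from 2001:db8:1::/48", two local addresses. */
static const struct prefix rule = { { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x01 }, 48 };
static const uint8_t local[2][16] = {
    { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x02, [15] = 1 },   /* 2001:db8:2::1 */
    { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x01, [15] = 5 },   /* 2001:db8:1::5 */
};
static const uint8_t unspec[16];                        /* :: (auto-bind) */

/* Compare the first plen bits of two 128-bit addresses. */
static int prefix_equal(const uint8_t *a, const uint8_t *b, int plen)
{
    int bytes = plen / 8, bits = plen % 8;

    if (memcmp(a, b, bytes))
        return 0;
    return !bits || !((a[bytes] ^ b[bytes]) & (0xff << (8 - bits)));
}

/* Pre-patch test: a source-prefix rule never matches an unbound flow. */
static int match_strict(const struct prefix *r, const uint8_t *src, int flags)
{
    return !r->plen ||
           ((flags & HAS_SADDR) && prefix_equal(src, r->addr, r->plen));
}

/* Patched test: the prefix is compared only when a source was supplied. */
static int match_deferred(const struct prefix *r, const uint8_t *src, int flags)
{
    return !r->plen || !(flags & HAS_SADDR) ||
           prefix_equal(src, r->addr, r->plen);
}

/* After a deferred match, pick a local address inside the rule's prefix.
 * Returns its index, or -1 when none fits (the patch's no_saddr path). */
static int select_saddr(const struct prefix *r, const uint8_t addrs[][16], int n)
{
    for (int i = 0; i < n; i++)
        if (prefix_equal(addrs[i], r->addr, r->plen))
            return i;
    return -1;
}
```

For an auto-bound flow the strict test skips the rule, while the deferred test matches it and leaves the choice of a compliant address to `select_saddr`, which can still fail.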
