[PATCH net-next 6/9] net: Enable kernel side filtering of route dumps

Thu, 11 Oct 2018 08:07:00 -0700 

From: David Ahern <dsah...@gmail.com>

Update parsing of route dump request to enable kernel side filtering.
Allow filtering results by protocol (e.g., which routing daemon installed
the route), route type (e.g., unicast), table id and nexthop device. These
amount to the low hanging fruit, yet a huge improvement, for dumping
routes.

ip_valid_fib_dump_req is called with RTNL held, so __dev_get_by_index can
be used to look up the device index without taking a reference. From
there filter->dev is only used during dump loops with the lock still held.

Signed-off-by: David Ahern <dsah...@gmail.com>
---
 net/ipv4/fib_frontend.c | 45 ++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 5 deletions(-)

diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 1528b0919951..a99f2c7ba4e6 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -806,7 +806,11 @@ int ip_valid_fib_dump_req(struct net *net, const struct 
nlmsghdr *nlh,
                          struct fib_dump_filter *filter,
                          struct netlink_ext_ack *extack)
 {
+       struct nlattr *tb[RTA_MAX + 1];
        struct rtmsg *rtm;
+       int err, i;
+
+       ASSERT_RTNL();
 
        if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*rtm))) {
                NL_SET_ERR_MSG(extack, "Invalid header for FIB dump request");
@@ -815,8 +819,7 @@ int ip_valid_fib_dump_req(struct net *net, const struct 
nlmsghdr *nlh,
 
        rtm = nlmsg_data(nlh);
        if (rtm->rtm_dst_len || rtm->rtm_src_len  || rtm->rtm_tos   ||
-           rtm->rtm_table   || rtm->rtm_protocol || rtm->rtm_scope ||
-           rtm->rtm_type) {
+           rtm->rtm_scope) {
                NL_SET_ERR_MSG(extack, "Invalid values in header for FIB dump 
request");
                return -EINVAL;
        }
@@ -825,9 +828,41 @@ int ip_valid_fib_dump_req(struct net *net, const struct 
nlmsghdr *nlh,
                return -EINVAL;
        }
 
-       if (nlmsg_attrlen(nlh, sizeof(*rtm))) {
-               NL_SET_ERR_MSG(extack, "Invalid data after header in FIB dump 
request");
-               return -EINVAL;
+       filter->flags    = rtm->rtm_flags;
+       filter->protocol = rtm->rtm_protocol;
+       filter->rt_type  = rtm->rtm_type;
+       filter->table_id = rtm->rtm_table;
+
+       err = nlmsg_parse_strict(nlh, sizeof(*rtm), tb, RTA_MAX,
+                                rtm_ipv4_policy, extack);
+       if (err < 0)
+               return err;
+
+       for (i = 0; i <= RTA_MAX; ++i) {
+               int ifindex;
+
+               if (!tb[i])
+                       continue;
+
+               switch (i) {
+               case RTA_TABLE:
+                       filter->table_id = nla_get_u32(tb[i]);
+                       break;
+               case RTA_OIF:
+                       ifindex = nla_get_u32(tb[i]);
+                       filter->dev = __dev_get_by_index(net, ifindex);
+                       if (!filter->dev)
+                               return -ENODEV;
+                       break;
+               default:
+                       NL_SET_ERR_MSG(extack, "Unsupported attribute in dump 
request");
+                       return -EINVAL;
+               }
+       }
+
+       if (filter->flags || filter->protocol || filter->rt_type ||
+           filter->table_id || filter->dev) {
+               filter->filter_set = 1;
        }
 
        return 0;
-- 
2.11.0

Reply via email to