net: Fix vti use case with oif in dst lookups

Steffen reported that the recent change to add oif to dst lookups breaks
the VTI use case. The problem is that with the oif set in the flow struct
the comparison to the nh_oif is triggered. Fix by splitting the
FLOWI_FLAG_VRFSRC into 2 flags -- one that triggers the vrf device cache
bypass (FLOWI_FLAG_VRFSRC) and another telling the lookup to not compare
nh oif (FLOWI_FLAG_SKIP_NH_OIF).

Fixes: 42a7b32b73 ("xfrm: Add oif to dst lookups")

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern 2015-09-15 15:10:50 -07:00 committed by David S. Miller
parent d828755eae
commit 58189ca7b2
6 changed files with 9 additions and 4 deletions

View File

@ -193,7 +193,8 @@ static netdev_tx_t vrf_process_v4_outbound(struct sk_buff *skb,
.flowi4_oif = vrf_dev->ifindex, .flowi4_oif = vrf_dev->ifindex,
.flowi4_iif = LOOPBACK_IFINDEX, .flowi4_iif = LOOPBACK_IFINDEX,
.flowi4_tos = RT_TOS(ip4h->tos), .flowi4_tos = RT_TOS(ip4h->tos),
.flowi4_flags = FLOWI_FLAG_ANYSRC | FLOWI_FLAG_VRFSRC, .flowi4_flags = FLOWI_FLAG_ANYSRC | FLOWI_FLAG_VRFSRC |
FLOWI_FLAG_SKIP_NH_OIF,
.daddr = ip4h->daddr, .daddr = ip4h->daddr,
}; };

View File

@ -35,6 +35,7 @@ struct flowi_common {
#define FLOWI_FLAG_ANYSRC 0x01 #define FLOWI_FLAG_ANYSRC 0x01
#define FLOWI_FLAG_KNOWN_NH 0x02 #define FLOWI_FLAG_KNOWN_NH 0x02
#define FLOWI_FLAG_VRFSRC 0x04 #define FLOWI_FLAG_VRFSRC 0x04
#define FLOWI_FLAG_SKIP_NH_OIF 0x08
__u32 flowic_secid; __u32 flowic_secid;
struct flowi_tunnel flowic_tun_key; struct flowi_tunnel flowic_tun_key;
}; };

View File

@ -255,7 +255,7 @@ static inline void ip_route_connect_init(struct flowi4 *fl4, __be32 dst, __be32
flow_flags |= FLOWI_FLAG_ANYSRC; flow_flags |= FLOWI_FLAG_ANYSRC;
if (netif_index_is_vrf(sock_net(sk), oif)) if (netif_index_is_vrf(sock_net(sk), oif))
flow_flags |= FLOWI_FLAG_VRFSRC; flow_flags |= FLOWI_FLAG_VRFSRC | FLOWI_FLAG_SKIP_NH_OIF;
flowi4_init_output(fl4, oif, sk->sk_mark, tos, RT_SCOPE_UNIVERSE, flowi4_init_output(fl4, oif, sk->sk_mark, tos, RT_SCOPE_UNIVERSE,
protocol, flow_flags, dst, src, dport, sport); protocol, flow_flags, dst, src, dport, sport);

View File

@ -1426,7 +1426,7 @@ found:
nh->nh_flags & RTNH_F_LINKDOWN && nh->nh_flags & RTNH_F_LINKDOWN &&
!(fib_flags & FIB_LOOKUP_IGNORE_LINKSTATE)) !(fib_flags & FIB_LOOKUP_IGNORE_LINKSTATE))
continue; continue;
if (!(flp->flowi4_flags & FLOWI_FLAG_VRFSRC)) { if (!(flp->flowi4_flags & FLOWI_FLAG_SKIP_NH_OIF)) {
if (flp->flowi4_oif && if (flp->flowi4_oif &&
flp->flowi4_oif != nh->nh_oif) flp->flowi4_oif != nh->nh_oif)
continue; continue;

View File

@ -1024,7 +1024,8 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
if (netif_index_is_vrf(net, ipc.oif)) { if (netif_index_is_vrf(net, ipc.oif)) {
flowi4_init_output(fl4, ipc.oif, sk->sk_mark, tos, flowi4_init_output(fl4, ipc.oif, sk->sk_mark, tos,
RT_SCOPE_UNIVERSE, sk->sk_protocol, RT_SCOPE_UNIVERSE, sk->sk_protocol,
(flow_flags | FLOWI_FLAG_VRFSRC), (flow_flags | FLOWI_FLAG_VRFSRC |
FLOWI_FLAG_SKIP_NH_OIF),
faddr, saddr, dport, faddr, saddr, dport,
inet->inet_sport); inet->inet_sport);

View File

@ -33,6 +33,8 @@ static struct dst_entry *__xfrm4_dst_lookup(struct net *net, struct flowi4 *fl4,
if (saddr) if (saddr)
fl4->saddr = saddr->a4; fl4->saddr = saddr->a4;
fl4->flowi4_flags = FLOWI_FLAG_SKIP_NH_OIF;
rt = __ip_route_output_key(net, fl4); rt = __ip_route_output_key(net, fl4);
if (!IS_ERR(rt)) if (!IS_ERR(rt))
return &rt->dst; return &rt->dst;