[IPv6] route: Fix prohibit and blackhole routing decision

Thomas Graf Wed, 18 Oct 2006 03:06:42 -0700

Lookups resolving to ip6_blk_hole_entry must result in silently
discarding the packets whereas an ip6_pkt_prohibit_entry is
supposed to cause an ICMPV6_ADM_PROHIBITED message to be sent.


Thanks to Kim Nordlund <[EMAIL PROTECTED]> for noticing
this bug.

Signed-off-by: Thomas Graf <[EMAIL PROTECTED]>

Index: net-2.6/net/ipv6/route.c
===================================================================
--- net-2.6.orig/net/ipv6/route.c       2006-10-18 11:06:45.000000000 +0200
+++ net-2.6/net/ipv6/route.c    2006-10-18 11:48:27.000000000 +0200
@@ -94,6 +94,9 @@
 
 static int             ip6_pkt_discard(struct sk_buff *skb);
 static int             ip6_pkt_discard_out(struct sk_buff *skb);
+static int             ip6_pkt_prohibit(struct sk_buff *skb);
+static int             ip6_pkt_prohibit_out(struct sk_buff *skb);
+static int             ip6_pkt_blk_hole(struct sk_buff *skb);
 static void            ip6_link_failure(struct sk_buff *skb);
 static void            ip6_rt_update_pmtu(struct dst_entry *dst, u32 mtu);
 
@@ -150,8 +153,8 @@
                        .obsolete       = -1,
                        .error          = -EACCES,
                        .metrics        = { [RTAX_HOPLIMIT - 1] = 255, },
-                       .input          = ip6_pkt_discard,
-                       .output         = ip6_pkt_discard_out,
+                       .input          = ip6_pkt_prohibit,
+                       .output         = ip6_pkt_prohibit_out,
                        .ops            = &ip6_dst_ops,
                        .path           = (struct 
dst_entry*)&ip6_prohibit_entry,
                }
@@ -170,8 +173,8 @@
                        .obsolete       = -1,
                        .error          = -EINVAL,
                        .metrics        = { [RTAX_HOPLIMIT - 1] = 255, },
-                       .input          = ip6_pkt_discard,
-                       .output         = ip6_pkt_discard_out,
+                       .input          = ip6_pkt_blk_hole,
+                       .output         = ip6_pkt_blk_hole,
                        .ops            = &ip6_dst_ops,
                        .path           = (struct 
dst_entry*)&ip6_blk_hole_entry,
                }
@@ -1743,24 +1746,46 @@
  *     Drop the packet on the floor
  */
 
-static int ip6_pkt_discard(struct sk_buff *skb)
+static inline int ip6_pkt_drop(struct sk_buff *skb, int code)
 {
        int type = ipv6_addr_type(&skb->nh.ipv6h->daddr);
        if (type == IPV6_ADDR_ANY || type == IPV6_ADDR_RESERVED)
                IP6_INC_STATS(IPSTATS_MIB_INADDRERRORS);
 
        IP6_INC_STATS(IPSTATS_MIB_OUTNOROUTES);
-       icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_NOROUTE, 0, skb->dev);
+       icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0, skb->dev);
        kfree_skb(skb);
        return 0;
 }
 
+static int ip6_pkt_discard(struct sk_buff *skb)
+{
+       return ip6_pkt_drop(skb, ICMPV6_NOROUTE);
+}
+
 static int ip6_pkt_discard_out(struct sk_buff *skb)
 {
        skb->dev = skb->dst->dev;
        return ip6_pkt_discard(skb);
 }
 
+static int ip6_pkt_prohibit(struct sk_buff *skb)
+{
+       return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED);
+}
+
+static int ip6_pkt_prohibit_out(struct sk_buff *skb)
+{
+       skb->dev = skb->dst->dev;
+       return ip6_pkt_prohibit(skb);
+}
+
+static int ip6_pkt_blk_hole(struct sk_buff *skb)
+{
+       kfree_skb(skb);
+       return 0;
+}
+
 /*
  *     Allocate a dst for local (unicast / anycast) address.
  */
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[IPv6] route: Fix prohibit and blackhole routing decision

Reply via email to