xfrm: Handle blackhole route creation via afinfo.
That way we don't have to potentially do this in every xfrm_lookup() caller. Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
@@ -1025,18 +1025,12 @@ struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi *fl,
|
||||
return ERR_PTR(err);
|
||||
if (final_dst)
|
||||
ipv6_addr_copy(&fl->fl6_dst, final_dst);
|
||||
if (can_sleep) {
|
||||
if (can_sleep)
|
||||
fl->flags |= FLOWI_FLAG_CAN_SLEEP;
|
||||
err = __xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
|
||||
if (err == -EREMOTE)
|
||||
return ip6_dst_blackhole(sock_net(sk), dst);
|
||||
if (err)
|
||||
return ERR_PTR(err);
|
||||
} else {
|
||||
err = xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
|
||||
if (err)
|
||||
return ERR_PTR(err);
|
||||
}
|
||||
|
||||
err = xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
|
||||
if (err)
|
||||
return ERR_PTR(err);
|
||||
return dst;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
|
||||
@@ -1070,18 +1064,12 @@ struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi *fl,
|
||||
return ERR_PTR(err);
|
||||
if (final_dst)
|
||||
ipv6_addr_copy(&fl->fl6_dst, final_dst);
|
||||
if (can_sleep) {
|
||||
if (can_sleep)
|
||||
fl->flags |= FLOWI_FLAG_CAN_SLEEP;
|
||||
err = __xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
|
||||
if (err == -EREMOTE)
|
||||
return ip6_dst_blackhole(sock_net(sk), dst);
|
||||
if (err)
|
||||
return ERR_PTR(err);
|
||||
} else {
|
||||
err = xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
|
||||
if (err)
|
||||
return ERR_PTR(err);
|
||||
}
|
||||
|
||||
err = xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
|
||||
if (err)
|
||||
return ERR_PTR(err);
|
||||
return dst;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
|
||||
|
||||
@@ -870,7 +870,7 @@ struct dst_entry * ip6_route_output(struct net *net, struct sock *sk,
|
||||
|
||||
EXPORT_SYMBOL(ip6_route_output);
|
||||
|
||||
struct dst_entry *ip6_dst_blackhole(struct net *net, struct dst_entry *dst_orig)
|
||||
struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig)
|
||||
{
|
||||
struct rt6_info *rt = dst_alloc(&ip6_dst_blackhole_ops, 1);
|
||||
struct rt6_info *ort = (struct rt6_info *) dst_orig;
|
||||
@@ -907,7 +907,6 @@ struct dst_entry *ip6_dst_blackhole(struct net *net, struct dst_entry *dst_orig)
|
||||
dst_release(dst_orig);
|
||||
return new ? new : ERR_PTR(-ENOMEM);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(ip6_dst_blackhole);
|
||||
|
||||
/*
|
||||
* Destination cache support functions
|
||||
|
||||
@@ -274,6 +274,7 @@ static struct xfrm_policy_afinfo xfrm6_policy_afinfo = {
|
||||
.get_tos = xfrm6_get_tos,
|
||||
.init_path = xfrm6_init_path,
|
||||
.fill_dst = xfrm6_fill_dst,
|
||||
.blackhole_route = ip6_blackhole_route,
|
||||
};
|
||||
|
||||
static int __init xfrm6_policy_init(void)
|
||||
|
||||
Reference in New Issue
Block a user