Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / 2887dec4438f37edfd8dbf355af23d61cfdd4c27^! / . / include / net
commit2887dec4438f37edfd8dbf355af23d61cfdd4c27[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Tue Mar 18 20:52:27 2014 +0900
committerSamir Mehta <samirn@codeaurora.org>Tue Aug 05 18:01:30 2014 +0530
tree820f262ff612b449760fbf18a498f74e4f5958eb
parent653be181eef3589b47119cd68c985975119fa61f [diff]
net: add a sysctl to reflect the fwmark on replies

Kernel-originated IP packets that have no user socket associated
with them (e.g., ICMP errors and echo replies, TCP RSTs, etc.)
are emitted with a mark of zero. Add a sysctl to make them have
the same mark as the packet they are replying to.

This allows an administrator that wishes to do so to use
mark-based routing, firewalling, etc. for these replies by
marking the original packets inbound.

Tested using user-mode linux:
 - ICMP/ICMPv6 echo replies and errors.
 - TCP RST packets (IPv4 and IPv6).

Change-Id: I95d896647b278d092ef331d1377b959da1deb042
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 3356997e1e1b2aa9959f046203e6d0b193bbd7f7
Git-repo: https://android.googlesource.com/kernel/common.git
[imaund@codeaurora.org: Resolve trivial merge conflicts.]
Signed-off-by: Ian Maund <imaund@codeaurora.org>
Signed-off-by: Samir Mehta <samirn@codeaurora.org>

diff --git a/include/net/ip.h b/include/net/ip.h
index b53d65f..f6c3f02 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h

@@ -237,6 +237,9 @@
 
 extern void ip_static_sysctl_init(void);
 
+#define IP4_REPLY_MARK(net, mark) \
+	((net)->ipv4.sysctl_fwmark_reflect ? (mark) : 0)
+
 static inline bool ip_is_fragment(const struct iphdr *iph)
 {
 	return (iph->frag_off & htons(IP_MF | IP_OFFSET)) != 0;

diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index a5a9e4d..2161a39 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h

@@ -109,6 +109,9 @@
 
 #define	IP6_MF	0x0001
 
+#define IP6_REPLY_MARK(net, mark) \
+	((net)->ipv6.sysctl.fwmark_reflect ? (mark) : 0)
+
 #include <net/sock.h>
 
 /* sysctls */

diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index bbd023a..446db34 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h

@@ -56,6 +56,7 @@
 
 	unsigned int sysctl_ping_group_range[2];
 	long sysctl_tcp_mem[3];
+	int sysctl_fwmark_reflect;
 
 	atomic_t rt_genid;
 	atomic_t dev_addr_genid;

diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index 81abfcb..20b76ab 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h

@@ -25,6 +25,7 @@
 	int ip6_rt_mtu_expires;
 	int ip6_rt_min_advmss;
 	int icmpv6_time;
+	int fwmark_reflect;
 };
 
 struct netns_ipv6 {