aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/fib_rules.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/fib_rules.c')
-rw-r--r--net/ipv4/fib_rules.c23
1 files changed, 17 insertions, 6 deletions
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index 9f2906679d1f..b78fd28970c9 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -103,16 +103,27 @@ errout:
static bool fib4_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg)
{
+ struct fib_result *result = (struct fib_result *) arg->result;
+ struct net_device *dev = result->fi->fib_dev;
+
/* do not accept result if the route does
* not meet the required prefix length
*/
- struct fib_result *result = (struct fib_result *) arg->result;
- if (result->prefixlen < rule->table_prefixlen_min) {
- if (!(arg->flags & FIB_LOOKUP_NOREF))
- fib_info_put(result->fi);
- return true;
- }
+ if (result->prefixlen < rule->table_prefixlen_min)
+ goto suppress_route;
+
+ /* do not accept result if the route uses a device
+ * belonging to a forbidden interface group
+ */
+ if (rule->suppress_ifgroup != -1 && dev && dev->group == rule->suppress_ifgroup)
+ goto suppress_route;
+
return false;
+
+suppress_route:
+ if (!(arg->flags & FIB_LOOKUP_NOREF))
+ fib_info_put(result->fi);
+ return true;
}
static int fib4_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.