From: Patrick McHardy Date: Thu, 3 Dec 2009 20:07:14 +0000 (+0000) Subject: iprule: add oif classification support X-Git-Tag: v2.6.33~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85eae222d252546435bb5638b15d46ccfc9df32a;p=thirdparty%2Fiproute2.git iprule: add oif classification support David Miller wrote: > From: Patrick McHardy > Date: Mon, 30 Nov 2009 19:00:14 +0100 > >> This patch contains iproute support for iprule oif classification >> for the send-to-self RFC I just sent out. > > Patrick, you need to submit a new version of this patch with > the FIB_RULE_* macro fixed, just like the kernel version got > fixed. Thanks for reminind me of this. New patch attached. commit 0fe5164cbaa1d65dda341075710be71bf1f32d10 Author: Patrick McHardy Date: Fri Dec 4 07:06:18 2009 +0100 iprule: add oif classification support Signed-off-by: Patrick McHardy --- diff --git a/ip/iprule.c b/ip/iprule.c index 20be990b0..7140375fc 100644 --- a/ip/iprule.c +++ b/ip/iprule.c @@ -34,7 +34,7 @@ static void usage(void) { fprintf(stderr, "Usage: ip rule [ list | add | del | flush ] SELECTOR ACTION\n"); fprintf(stderr, "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"); - fprintf(stderr, " [ dev STRING ] [ pref NUMBER ]\n"); + fprintf(stderr, " [ iif STRING ] [ oif STRING ] [ pref NUMBER ]\n"); fprintf(stderr, "ACTION := [ table TABLE_ID ]\n"); fprintf(stderr, " [ prohibit | reject | unreachable ]\n"); fprintf(stderr, " [ realms [SRCREALM/]DSTREALM ]\n"); @@ -142,7 +142,13 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) if (tb[FRA_IFNAME]) { fprintf(fp, "iif %s ", (char*)RTA_DATA(tb[FRA_IFNAME])); - if (r->rtm_flags & FIB_RULE_DEV_DETACHED) + if (r->rtm_flags & FIB_RULE_IIF_DETACHED) + fprintf(fp, "[detached] "); + } + + if (tb[FRA_OIFNAME]) { + fprintf(fp, "oif %s ", (char*)RTA_DATA(tb[FRA_OIFNAME])); + if (r->rtm_flags & FIB_RULE_OIF_DETACHED) fprintf(fp, "[detached] "); } @@ -307,6 +313,9 @@ static int iprule_modify(int cmd, int argc, char **argv) strcmp(*argv, "iif") == 0) { NEXT_ARG(); addattr_l(&req.n, sizeof(req), FRA_IFNAME, *argv, strlen(*argv)+1); + } else if (strcmp(*argv, "oif") == 0) { + NEXT_ARG(); + addattr_l(&req.n, sizeof(req), FRA_OIFNAME, *argv, strlen(*argv)+1); } else if (strcmp(*argv, "nat") == 0 || matches(*argv, "map-to") == 0) { NEXT_ARG(); diff --git a/man/man8/ip.8 b/man/man8/ip.8 index a8fccc410..fab337d99 100644 --- a/man/man8/ip.8 +++ b/man/man8/ip.8 @@ -240,7 +240,9 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" .IR TOS " ] [ " .B fwmark .IR FWMARK[/MASK] " ] [ " -.B dev +.B iif +.IR STRING " ] [ " +.B oif .IR STRING " ] [ " .B pref .IR NUMBER " ]" @@ -1935,6 +1937,12 @@ the rule only matches packets originating from this host. This means that you may create separate routing tables for forwarded and local packets and, hence, completely segregate them. +.TP +.BI oif " NAME" +select the outgoing device to match. The outgoing interface is only +available for packets originating from local sockets that are bound to +a device. + .TP .BI tos " TOS" .TP