network: make RouteDenyList= filter route prefix rather than gateway address

DenyList= filters provided prefixes, not router address.
So, RouteDenyList= should do so for consistency.

Fixes 16c89e649d.
Yu Watanabe 2020-12-24 13:12:40 +09:00
parent 1cd5267e81
commit 19e334bd15
1 changed files with 11 additions and 10 deletions


@ -820,7 +820,7 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
_cleanup_(route_freep) Route *route = NULL;
union in_addr_union gateway;
union in_addr_union gateway, dst;
uint32_t lifetime;
unsigned preference, prefixlen;
usec_t time_now;
@ -835,20 +835,24 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
if (lifetime == 0)
return 0;
r = sd_ndisc_router_get_address(rt, &gateway.in6);
r = sd_ndisc_router_route_get_address(rt, &dst.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
return log_link_error_errno(link, r, "Failed to get route address: %m");
if (set_contains(link->network->ndisc_deny_listed_route_prefix, &gateway.in6)) {
if (set_contains(link->network->ndisc_deny_listed_route_prefix, &dst.in6)) {
if (DEBUG_LOGGING) {
_cleanup_free_ char *buf = NULL;
(void) in_addr_to_string(AF_INET6, &gateway, &buf);
(void) in_addr_to_string(AF_INET6, &dst, &buf);
log_link_debug(link, "Route Prefix '%s' is deny-listed, ignoring", strnull(buf));
}
return 0;
}
r = sd_ndisc_router_get_address(rt, &gateway.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
if (link_has_ipv6_address(link, &gateway.in6) > 0) {
if (DEBUG_LOGGING) {
_cleanup_free_ char *buf = NULL;
@ -880,15 +884,12 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
route->priority = link->network->dhcp6_route_metric;
route->protocol = RTPROT_RA;
route->pref = preference;
route->gw.in6 = gateway.in6;
route->gw = gateway;
route->gw_family = AF_INET6;
route->dst = dst;
route->dst_prefixlen = prefixlen;
route->lifetime = time_now + lifetime * USEC_PER_SEC;
r = sd_ndisc_router_route_get_address(rt, &route->dst.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get route address: %m");
r = ndisc_route_configure(route, link, rt);
if (r < 0)
return log_link_error_errno(link, r, "Could not set additional route: %m");
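Review bot: The deny-list test in the second hunk, `set_contains(link->network->ndisc_deny_listed_route_prefix, &dst.in6)`, looks up only the 16-byte destination address and never consults `prefixlen`, so as far as these lines show, an entry matches only a Route Information option carrying exactly that address. A more-specific or differently sized prefix inside a range the administrator meant to deny would still reach `ndisc_route_configure()`, and the value comes from a Router Advertisement, which is unauthenticated on-link input. I would either compare the address masked to `prefixlen` together with the length, or at least state the limit next to the check, e.g. `/* Exact match on the advertised prefix address; the prefix length is not compared. */`. Whether `sd_ndisc_router_route_get_address()` already clears the bits beyond the prefix length is not visible here and is worth confirming. The body of `ndisc_router_process_route()` begins and ends outside the hunks shown.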