picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

network: make RouteDenyList= filter route prefix rather than gateway address 

DenyList= filters provided prefixes, not router address.
So, RouteDenyLisy= should so for consistency.

Fixes 16c89e649d.
This commit is contained in:
Yu Watanabe 2020-12-24 13:12:40 +09:00
parent 1cd5267e81
commit 19e334bd15
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/network/networkd-ndisc.c
View File

@ -820,7 +820,7 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
_cleanup_(route_freep) Route *route = NULL; _cleanup_(route_freep) Route *route = NULL;
union in_addr_union gateway; union in_addr_union gateway, dst;
uint32_t lifetime; uint32_t lifetime;
unsigned preference, prefixlen; unsigned preference, prefixlen;
usec_t time_now; usec_t time_now;
@ -835,20 +835,24 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
if (lifetime == 0) if (lifetime == 0)
return 0; return 0;
r = sd_ndisc_router_get_address(rt, &gateway.in6); r = sd_ndisc_router_route_get_address(rt, &dst.in6);
if (r < 0) if (r < 0)
return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m"); return log_link_error_errno(link, r, "Failed to get route address: %m");
if (set_contains(link->network->ndisc_deny_listed_route_prefix, &gateway.in6)) { if (set_contains(link->network->ndisc_deny_listed_route_prefix, &dst.in6)) {
if (DEBUG_LOGGING) { if (DEBUG_LOGGING) {
_cleanup_free_ char *buf = NULL; _cleanup_free_ char *buf = NULL;
(void) in_addr_to_string(AF_INET6, &gateway, &buf); (void) in_addr_to_string(AF_INET6, &dst, &buf);
log_link_debug(link, "Route Prefix '%s' is deny-listed, ignoring", strnull(buf)); log_link_debug(link, "Route Prefix '%s' is deny-listed, ignoring", strnull(buf));
} }
return 0; return 0;
} }
r = sd_ndisc_router_get_address(rt, &gateway.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
if (link_has_ipv6_address(link, &gateway.in6) > 0) { if (link_has_ipv6_address(link, &gateway.in6) > 0) {
if (DEBUG_LOGGING) { if (DEBUG_LOGGING) {
_cleanup_free_ char *buf = NULL; _cleanup_free_ char *buf = NULL;
@ -880,15 +884,12 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
route->priority = link->network->dhcp6_route_metric; route->priority = link->network->dhcp6_route_metric;
route->protocol = RTPROT_RA; route->protocol = RTPROT_RA;
route->pref = preference; route->pref = preference;
route->gw.in6 = gateway.in6; route->gw = gateway;
route->gw_family = AF_INET6; route->gw_family = AF_INET6;
route->dst = dst;
route->dst_prefixlen = prefixlen; route->dst_prefixlen = prefixlen;
route->lifetime = time_now + lifetime * USEC_PER_SEC; route->lifetime = time_now + lifetime * USEC_PER_SEC;
r = sd_ndisc_router_route_get_address(rt, &route->dst.in6);
if (r < 0)
return log_link_error_errno(link, r, "Failed to get route address: %m");
r = ndisc_route_configure(route, link, rt); r = ndisc_route_configure(route, link, rt);
if (r < 0) if (r < 0)
return log_link_error_errno(link, r, "Could not set additional route: %m"); return log_link_error_errno(link, r, "Could not set additional route: %m");