network: make RouteDenyList= filter route prefix rather than gateway address
DenyList= filters provided prefixes, not router address.
So, RouteDenyLisy= should so for consistency.
Fixes 16c89e649d
.
This commit is contained in:
parent
1cd5267e81
commit
19e334bd15
|
@ -820,7 +820,7 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
|
||||||
|
|
||||||
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
|
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
|
||||||
_cleanup_(route_freep) Route *route = NULL;
|
_cleanup_(route_freep) Route *route = NULL;
|
||||||
union in_addr_union gateway;
|
union in_addr_union gateway, dst;
|
||||||
uint32_t lifetime;
|
uint32_t lifetime;
|
||||||
unsigned preference, prefixlen;
|
unsigned preference, prefixlen;
|
||||||
usec_t time_now;
|
usec_t time_now;
|
||||||
|
@ -835,20 +835,24 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
|
||||||
if (lifetime == 0)
|
if (lifetime == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
r = sd_ndisc_router_get_address(rt, &gateway.in6);
|
r = sd_ndisc_router_route_get_address(rt, &dst.in6);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
|
return log_link_error_errno(link, r, "Failed to get route address: %m");
|
||||||
|
|
||||||
if (set_contains(link->network->ndisc_deny_listed_route_prefix, &gateway.in6)) {
|
if (set_contains(link->network->ndisc_deny_listed_route_prefix, &dst.in6)) {
|
||||||
if (DEBUG_LOGGING) {
|
if (DEBUG_LOGGING) {
|
||||||
_cleanup_free_ char *buf = NULL;
|
_cleanup_free_ char *buf = NULL;
|
||||||
|
|
||||||
(void) in_addr_to_string(AF_INET6, &gateway, &buf);
|
(void) in_addr_to_string(AF_INET6, &dst, &buf);
|
||||||
log_link_debug(link, "Route Prefix '%s' is deny-listed, ignoring", strnull(buf));
|
log_link_debug(link, "Route Prefix '%s' is deny-listed, ignoring", strnull(buf));
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
r = sd_ndisc_router_get_address(rt, &gateway.in6);
|
||||||
|
if (r < 0)
|
||||||
|
return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
|
||||||
|
|
||||||
if (link_has_ipv6_address(link, &gateway.in6) > 0) {
|
if (link_has_ipv6_address(link, &gateway.in6) > 0) {
|
||||||
if (DEBUG_LOGGING) {
|
if (DEBUG_LOGGING) {
|
||||||
_cleanup_free_ char *buf = NULL;
|
_cleanup_free_ char *buf = NULL;
|
||||||
|
@ -880,15 +884,12 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
|
||||||
route->priority = link->network->dhcp6_route_metric;
|
route->priority = link->network->dhcp6_route_metric;
|
||||||
route->protocol = RTPROT_RA;
|
route->protocol = RTPROT_RA;
|
||||||
route->pref = preference;
|
route->pref = preference;
|
||||||
route->gw.in6 = gateway.in6;
|
route->gw = gateway;
|
||||||
route->gw_family = AF_INET6;
|
route->gw_family = AF_INET6;
|
||||||
|
route->dst = dst;
|
||||||
route->dst_prefixlen = prefixlen;
|
route->dst_prefixlen = prefixlen;
|
||||||
route->lifetime = time_now + lifetime * USEC_PER_SEC;
|
route->lifetime = time_now + lifetime * USEC_PER_SEC;
|
||||||
|
|
||||||
r = sd_ndisc_router_route_get_address(rt, &route->dst.in6);
|
|
||||||
if (r < 0)
|
|
||||||
return log_link_error_errno(link, r, "Failed to get route address: %m");
|
|
||||||
|
|
||||||
r = ndisc_route_configure(route, link, rt);
|
r = ndisc_route_configure(route, link, rt);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_error_errno(link, r, "Could not set additional route: %m");
|
return log_link_error_errno(link, r, "Could not set additional route: %m");
|
||||||
|
|
Loading…
Reference in a new issue